Practice Test #4 Flashcards

1
Q

Several users have received HTML-based e-mail spam that sends them to a malicious website when they click any of the images or links in the message. Which of the following security techniques should you implement?

A) make sure client anti-malware signatures are up to date
B) use a policy to disable HTML images in the e-mail client
C) use a web browser to read HTML messages
D) use a web-caching proxy server

A

Use a policy to disable HTML images in the e-mail client

Use a policy to disable HTML images in the e-mail client is correct. Because HTML images may be loaded from untrusted sources, you can configure your e-mail clients not to load HTML images by default, and use a policy to enforce this setting for all clients on your network.

2
Q

As part of your business continuity planning, you need to consider the security and validity of stored data in several large databases used by your organization. Which of the following data security concepts deals with making sure that data is not corrupted or tampered with in any way?

A) integrity
B) privacy
C) confidentiality
D) availability

A

Integrity

Integrity ensures that your data is consistent and never modified by unauthorized persons or manipulated in any intentional or accidental manner.

3
Q

Which of the following is the primary reason for an organization to use a third party to perform penetration testing on its networks instead of having its internal network administrators perform the testing?

A) to check on administrators who are on mandatory vacations
B) to perform attacks while the network is in live production
C) to ensure there is no previous knowledge of the system that could cause bias
D) to conduct an audit of current network administrators

A

To ensure there is no previous knowledge of the system that could cause bias

Hiring a third-party company to perform penetration testing on an organization’s networks ensures that the testing simulates a live attack by an unbiased user who is not familiar with the network.

4
Q

You are configuring laptops for your organization’s sales engineers, who will be visiting customer sites to perform technical integration and troubleshooting of your organization’s products installed there. The laptops contain several proprietary applications that should not be distributed outside of your organization. Which of the following actions should you take to help secure the contents of the laptops?

A) enable a Screensaver password
B) provide a hardware locking cable
C) full-disk encryption
D) enable a BIOS password

A

Full-disk encryption

You can encrypt the contents of the laptops’ hard drives so that they can’t be accessed without a passphrase or other measure entered by the sales engineers.

5
Q

A user on your wireless network has had her login credentials stolen. Your wireless network uses encryption and authentication, and after searching the access logs, you cannot find any evidence of the user accessing the wireless network for the time period the user claims she was connected. Which of the following is the most likely issue?

A) there is a rogue access point
B) the user is running a legacy 802.11 protocol
C) a war driving attack took place
D) the user did not authenticate

A

There is a rogue access point

A hacker has set up an open wireless access point in the vicinity of your wireless network, and the user has unknowingly connected to it. The hacker was able to analyze the network data to discover the user’s credentials.

6
Q

A malicious internal user was discovered using network traffic capture software from his workstation to perform an on-path attack against other users on your network. Which of the following activities was the malicious user most likely performing?

A) spoofing the organization’s domain name
B) capturing login names and passwords for websites
C) domain kiting
D) attacking the primary router with a flood of ping requests

A

Capturing login names and passwords for websites

The user was capturing network data as it passed over the network, most likely looking for user logins and passwords that were unprotected and sent in clear text.

7
Q

Which of the following is generally a paper-based type of exercise in which participants discuss a scenario to discern weaknesses in a plan?

A) simulation
B) tabletop
C) risk assessment
D) checklist

A

Tabletop

A tabletop exercise requires the involved parties to gather and step through a scenario to discern weaknesses in the plan. Tabletop exercises are generally paper-based, meaning that no actual steps are undertaken.

8
Q

Several of your users have reported a virus attack on their workstations, and their home data directories have been deleted. Comparing the log files from the workstations, you realize the attacks all occurred at the exact same time. Which of the following malware types could be the issue?

A) backdoor
B) macro virus
C) logic bomb
D) rootkit

A

Logic bomb

A logic bomb program will not activate until a specific trigger is set off (for example, reaching a specific time or date or starting a program a specific number of times).

9
Q

Which of the following actions should you take if you discover a flaw within your web application that allows root access to the system through command injection?

A) completely re-architect the application for the next major version
B) do not publish the issue but resolve it in the next major version
C) resolve the issue and release a hotfix
D) advise end users not to use command injection

A

Resolve the issue and release a hotfix

Resolve the issue and release a hotfix is correct. Because this is a serious security flaw, you should resolve it as soon as possible and release a hotfix to your customers to prevent them from being exploited by the flaw.

10
Q

Your organization currently has only two external public IP addresses available but needs to share these IPs with several internal hosts that require external IP addresses for connectivity. Which of the following should you implement?

A) router
B) firewall with no services running
C) security device with NAT capabilities
D) DHCP server

A

Security device with NAT capabilities

Using network address translation (NAT) on a firewall device, you can share an external address with several internal IP addresses of devices protected by the firewall.

11
Q

You have thoroughly researched and documented a disaster recovery plan for your organization. What should you do next as part of your business continuity and disaster recovery planning?

A) create backup copies of the plan and store them offsite
B) have a plan approved by the CEO of the company
C) test your plan
D) store the plan in a locked safe

A

Test your plan

Your disaster recovery plan (DRP) must be tested to ensure that it properly meets your business continuity objectives during a real-life scenario. After testing your plan, you can revise it based on your testing results.

12
Q

Which of the following aspects of your company’s network or systems does not provide redundancy in the event of a failure?

A) redundant power supplies on a server
B) dual fiber cabling for the network backbone
C) redundant routers for the same ISP
D) RAID 5 hard drive systems on a server

A

Redundant routers for the same ISP

Although you have redundancy at the router level, if your Internet service provider (ISP) communications fail, there are no backup communications. You should have at least one more communication line to a different ISP.

13
Q

You are developing a web application and are performing testing of the input fields for web forms. Which of the following techniques can you use to make sure that operating system commands cannot be inserted into your web forms and executed?

A) transitive access
B) escaping
C) cross-site scripting
D) fuzzing

A

Escaping

Escaping is a secure coding technique that ensures that any system commands are not processed and executed as actual commands; instead, they are only recognized as text.

14
Q

You are reviewing your organization’s business contracts with third-party hardware service vendors and checking the estimated time for vendors to respond to service calls and repair failed hardware. Which of the following factors is the most important in these calculations?

A) MTBF
B) MTTR
C) RPO
D) RTO

A

MTTR

The mean time to repair (MTTR) is the average length of time from the moment a device or service fails until it is repaired. For a failed server part, your service vendor may state that they can provide a new replacement part within 4 hours, but in other cases, this could be 24 to 48 hours.

15
Q

Your organization’s e-mail server has been flagged by a third-party anti-spam service as a possible source of spam messages. Which of the following is most likely the issue?

A) using insecure versions of POP and IMAP for retrieving messages
B) out-of-date anti-spam signatures
C) using TLS for SMTP connections
D) open relay on SMTP port 25

A

Open relay on SMTP port 25

If you allow Simple Mail Transfer Protocol (SMTP) relay on port 25, any mail client outside of your network can send mail through your server, and this is often exploited by spammers.

16
Q

Which of the following is not a valid privacy role within an organization that is required to comply with the GDPR?

A) data protection officer
B) data processor
C) data assessor
D) data controller

A

Data assessor

The General Data Protection Regulation (GDPR) does not designate a data assessor privacy role.

17
Q

You are suspicious that a specific computer on your network has a Trojan that is allowing backdoor access by a remote intruder. Which of the following actions can help you track down the information transmitted to the remote user and the user’s address?

A) check the antivirus logs
B) run a port scan on your firewall
C) monitor traffic from that specific computer with a traffic capture and analysis tool
D) run a performance baseline test on the system

A

Monitor traffic from that specific computer with a traffic capture and analysis tool

A tool like Wireshark, a common protocol analyzer, can capture and allow analysis of network traffic. Each individual network packet can be analyzed to decode its header information (where the packet originated and its destination) and also the content of the packet.

18
Q

You have a small office consisting of about 25 users. You need to utilize mail encryption to allow specific users to encrypt outbound e-mail messages, but you do not need an expensive onsite encryption server. Which of the following applications can you implement?

A) HTTPS
B) POP/IMAP
C) WPA3
D) PGP

A

PGP

Pretty Good Privacy (PGP) provides a low-cost or open-source alternative for allowing users to encrypt their e-mail messages. Technically, neither PGP nor the web of trust is Public Key Infrastructure (PKI), since both rely on peer-to-peer certificate trust and management rather than a centralized certificate authority (CA).

19
Q

Which of the following concepts helps prevent the situation where a compromise of one secret key or message leads to a compromise of previous confidential messages?

A) perfect forward secrecy
B) blockchain
C) symmetric cryptography
D) steganography

A

Perfect forward secrecy

Perfect forward secrecy (PFS) is designed, through the utilization of complex cryptographic protocols, to prevent the situation where a compromise of one secret key or message leads to a compromise of previous confidential messages.

20
Q

After an incident, to prevent further unauthorized access to users’ smartphones when they are not in the presence of the user, which of the following security control policies should you implement?

A) using MDM to enforce a lock after five minutes of inactivity
B) clean desk policy
C) password history and rotation
D) screen privacy guard

A

Using MDM to enforce a lock after five minutes of inactivity

By using mobile device management (MDM) to enforce automatic locking of users’ mobile devices after five minutes of inactivity, you ensure that users’ smartphones are not accessible if they are away from them for a lengthy period of time. The users must authenticate to their device to unlock it.

21
Q

Your organization communicates client healthcare data to several medical centers within the United States. Which of the following regulatory compliance policies applies to your organization concerning the protection and confidentiality of client health data?

A) HIPAA
B) PCI DSS
C) GDPR
D) sarbanes-oxley

A

HIPAA

HIPAA is correct. The Health Insurance Portability and Accountability Act (HIPAA) is a set of compliance regulations for the protection of confidential patient data in the medical, healthcare, and health insurance industries.

22
Q

Which of the following is the best method to mitigate DNS attacks?

A) encrypting host files
B) encrypting DNS lookups
C) secure authenticated zone transfers
D) using reverse DNS resolution

A

Secure authenticated zone transfers

Domain Name Service (DNS) poisoning attacks can be mitigated by ensuring that your DNS server updates its information only from authoritative sources by proper authentication or the use of secure communications.

23
Q

As the company’s technical executive, you are researching risk management strategies and have identified several security-related issues that need to be communicated to the organization. Which of the following mediums should you use to ensure issues are communicated effectively and users are held accountable?

A) social media posting
B) company-wide memo via e-mail
C) signed organizational policies
D) hard-copy rulebook available from human resources

A

Signed organizational policies

For the most effective risk management and training, organizational policies must be created, distributed, and signed in order to educate your employees on how to conduct their day-to-day activities while being vigilant about security.

24
Q

You are creating a business continuity and disaster recovery plan for your organization. Which of the following aspects of your plan examines your organization’s most critical business functions and how they will be affected during a disaster?

A) business impact analysis
B) escalation plan
C) contingency plan
D) risk analysis

A

Business impact analysis

Business impact analysis is correct. The business impact analysis (BIA) examines the loss of revenue, legal obligations, and customer service interruption that can arise as the result of a disaster.

25
Q

Which of the following is considered the most volatile type of medium when acquiring and preserving data for an investigation?

A) disk
B) RAM
C) firmware
D) paper

A

RAM

Random-access memory (RAM) is extremely volatile, meaning that if power is lost or removed from the memory, it loses its contents. This makes it incredibly important that, if at all possible, systems that are isolated after an event are not powered down.

26
Q

After performing a site survey of your current wireless network, you discover that the range of the network is well beyond what is required for your facility. Which of the following controls is the best option to mitigate the issue and prevent users outside of your facility from accessing the wireless network?

A) transmit on a narrow-band frequency
B) lower the power of wireless transmission on your access points
C) remove the access points closest to the outside walls
D) extend the antennas of your access points

A

Lower the power of wireless transmission on your access points

You can limit the power level of transmissions on your wireless network to control the range and speed of wireless access. This way, you can limit the range of your access point coverage to just the needed areas of your location.

27
Q

Which of the following is a packet-capture utility natively built into most modern Linux distributions, but is also included in some macOS and Windows ports?

A) tcpdump
B) winhex
C) Wireshark
D) curl

A

Tcpdump

Tcpdump is a packet-capture utility built into most modern Linux distributions but is also found in some macOS and Windows ports. It’s used to view network packets and to output to a file.

28
Q

After a recent hacking attack on your web server, you have discovered that the hacker exploited a security flaw within the underlying operating system running on the server. Which of the following was the most likely cause?

A) you upgraded to the latest major version of the OS when it was released
B) you didn’t update the web application software to resolve the issue
C) you didn’t use your firewall to block port access to the exploit
D) you didn’t apply an OS patch to resolve the issue

A

You didn’t apply an OS patch to resolve the issue

Keep your operating system up to date with the latest software updates or patches. If a security flaw is discovered, the OS vendor will release a patch as quickly as possible to resolve the issue.

29
Q

You are performing a risk analysis of the critical servers in your organization that accept, process, and store customer data. Which of the following risks can result in the biggest impact to customer data?

A) theft of a network switch
B) failed hard drive on a RAID system
C) hacking attempt on your firewall
D) virus attack that corrupts files on a server

A

Virus attack that corrupts files on a server

If a virus infects one of your servers that stores customer data, the files can be corrupted if you do not have a proper backup of the data.

30
Q

You are developing a proposal for a new authentication solution for a gaming service; the company has requested a two-factor authentication method utilizing a mobile app along with a traditional username and password combination. Which of the following is the most likely solution?

A) one-way hash
B) TOTP
C) PKI
D) SSL

A

TOTP

Time-based one-time passwords (TOTP) allow users to log in to a system with a username and password combination and then a one-time token, generally generated from a separate device.

31
Q

After a recent tailgating incident where an unauthorized person followed an employee into your company’s access-controlled facility, which of the following mitigation techniques should you implement to prevent future attacks originating from this and other types of social engineering?

A) acceptable use policy
B) security guard
C) awareness training
D) security passes

A

Awareness training

You can improve security by providing user training on the different types of social engineering attacks and how to prevent them.

32
Q

Your company’s web server is currently under network attack. After checking the firewall logs, you notice that the server is receiving an abnormal amount of network traffic from several different source IP addresses. Which of the following attacks is the most likely cause?

A) on-path attack
B) spoof attack
C) denial-of-service attack
D) distributed denial-of-service attack

A

Distributed denial-of-service attack

A distributed denial-of-service (DDoS) attack comes from several different source IP addresses.

33
Q

You are a cybersecurity leader for an organization that doesn’t currently utilize threat intelligence. You would like to begin using a program that catalogs emerging tactics, techniques, and procedures being used within attacks globally. Which of the following best suits this desire?

A) MITRE ATT&CK
B) cyber kill chain
C) NIST cybersecurity framework (CSF)
D) the diamond model of intrusion analysis

A

MITRE ATT&CK

MITRE created the ATT&CK framework to help catalog emerging tactics, techniques, and procedures (TTPs) being used within attacks globally.

34
Q

You are designing your company’s new server room and are planning which controls to implement. Which of the following is most useful for ensuring clean and consistent power flows to the server equipment?

A) humidity controls
B) elevated cable trays
C) power conditioner
D) hot and cold aisles

A

Power conditioner

A power conditioner helps provide consistent and clean power.

35
Q

A security incident has occurred where an unauthorized person using a stolen access card entered a server room and stole an expensive piece of network equipment. Which of the following actions can provide evidence of the unauthorized user’s identity?

A) checking the access card log
B) checking access control vestibule logs
C) checking video surveillance footage
D) checking firewall logs

A

Checking video surveillance footage

If you have video surveillance of the server room, you will have video evidence of the unauthorized user entering the server room and taking the device.

36
Q

A company has quickly grown from a small startup to a medium-size enterprise and now realizes it needs to implement and enforce a policy regarding the proper internal use of the company’s computer systems and communications. Which of the following should the company implement?

A) acceptable use policy
B) access control policy
C) due care and due diligence
D) service-level agreement

A

Acceptable use policy

Acceptable use policy is correct. An acceptable use policy (AUP) is a set of established guidelines for the appropriate use of computer networks within an organization.

37
Q

A network administrator for the organization has just had his employment terminated and has been removed from the facility. Which of the following actions should you take?

A) disable the user’s account and change the admin password of all network devices and servers
B) retain the user’s account for backups
C) limit logon attempts on the user’s account
D) set time restrictions for the user’s account

A

Disable the user’s account and change the admin password of all network devices and servers

The network administrator’s account should be disabled as per the termination policies. The network administrator will have knowledge of the passwords for all critical network devices and servers, and these should be immediately changed.

38
Q

You have discovered that a number of systems within a client’s network have become infected with malware; it appears that all the affected systems visited the same website. This is most likely an example of which type of attack?

A) spoofing
B) poisoned DNS server
C) watering hole attack
D) SQL injection

A

Watering hole attack

A watering hole attack lies in wait for users to visit a particular website, where malware targeting those specific users has often been implanted. The website is often commonly visited by those users and not necessarily others.

39
Q

You have just enabled SNMP on all your servers so that you can monitor them from a central monitoring station. Which of the following actions should you perform to increase security when using SNMP?

A) ensure the monitoring station is protected by a firewall
B) disable ICMP
C) close SNMP TCP and UDP port 161 on the client
D) change the “public” community name

A

Change the “public” community name

The default community name for the Simple Network Management Protocol (SNMP), “public,” acts as a password between the SNMP monitor and the device. If you do not change the default, any user with an SNMP monitor can access the device using the “public” community string.

40
Q

To help prevent security vulnerabilities, which of the following can you implement outside of the development cycle to improve the quality of the software code?

A) dynamic code review
B) OS patching
C) static code review
D) known environment penetration testing

A

Known environment penetration testing

Known environment penetration testing is performed in the testing cycle after the code is generated.

41
Q

After a crash of your web application, the end user sees a detailed error message including a directory path to the configuration files for the application. Which of the following security techniques should you improve to further protect your application?

A) error and exception handling
B) escaping
C) input validation
D) fuzzing

A

Error and exception handling

Error messages must be informative to the user, but system details should never be revealed. You should improve the error and exception handling in your application so that it does not reveal system details in the event of a crash or malfunction.

42
Q

Which of the following security techniques can help you configure data controls?

A) anti-malware scanning
B) checksum hashes on the outgoing attachment
C) caching proxy server
D) data classification

A

Data classification

Data classification schemes, such as “public,” “classified,” and “secret,” can help you configure data controls to search for these classification levels in documents being transmitted outside of your network.

43
Q

You are performing business continuity and disaster recovery planning for your organization, which provides very time-critical customer financial services. In anticipation of a disaster potentially striking your organization’s primary data center, which of the following should you plan to implement?

A) hot and cold aisles
B) having spare routers and switches on hand
C) remote backup
D) hot site

A

Hot site

A hot site is a facility that’s ready to be operational immediately when the primary site becomes unavailable. All the equipment and networking infrastructure the company requires are already in place and can be activated quickly.

44
Q

You need to improve the redundancy of the file servers in your organization’s network. Which of the following actions helps improve hardware redundancy on the file servers to prevent downtime because of hardware failures?

A) installing cooling fans in the server cabinet
B) adding a second ISP
C) using a backup tape system
D) adding another power supply

A

Adding another power supply

By adding a second power supply, you ensure that the servers will not power off if one of the power supplies fails.

45
Q

For security reasons, you want to enable port security for your network switches to allow only certain clients to connect to specific switches. Which of the following is the best authentication service to implement?

A) local username and password
B) 802.1X
C) LDAP
D) RADIUS

A

802.1X

802.1X is implemented on network devices such as switches to provide access control by authenticating connecting clients based on the user or system identity. You can then allow or block network connectivity and apply network access policies based on this authentication.

46
Q

The certificate for your organization’s web server has been revoked. Which of the following actions must you take?

A) continue to use the certificate until you get a renewal
B) contact the CA to appeal the revocation
C) use a self-signed certificate
D) a new key pair and new certificate need to be generated

A

A new key pair and new certificate need to be generated

A new key pair and new certificate need to be generated is correct. Because a certificate cannot be renewed after it has been revoked, a new key pair and a new certificate must be generated.

47
Q

To prevent shoulder-surfing attempts on users in the human resources and accounting departments, which of the following security techniques should you implement?

A) install screen privacy guards
B) use encrypted authentication
C) create an acceptable use policy
D) implement photo ID cards

A

Install screen privacy guards

When screen privacy guards are in place, a nearby person cannot easily see the screen of a user and her actions.

48
Q

SAML implementations have three basic roles: the __________, the identity provider, and the service provider.

A) validation authority
B) identity
C) authentication provider
D) service validation

A

Identity

The three roles within a Security Assertions Markup Language (SAML) implementation are the identity, the identity provider, and the service provider.

49
Q

Your web application has crashed after a user accidentally cut and pasted a large paragraph of text into a small text field within the application. Which technique would help ensure that these types of input validation errors do not occur?

A) fuzzing
B) command injection
C) escaping
D) transitive access

A

Fuzzing

Fuzzing is correct. Fuzzing tests input validation by entering random and unexpected characters into all the input fields of your application, ensuring that all types of text are entered and tested to make sure they do not crash the application.

50
Q

You have had several security incidents where development contractors’ user accounts were still active after their contract was over and they have left the organization. Which of the following user account security policies should you implement to detect this in the future?

A) password rotation
B) minimum password length and complexity
C) limiting logon attempts
D) routine account audits

A

Routine account audits

Routine account audits is correct. Conducting routine account audits ensures that once a contract is completed, if accounts aren’t properly disabled or deleted, they are detected.

51
Q

You have a high-security workstation that is used to monitor and manage the security systems and video surveillance for your entire facility. Which of the following security applications can you use to detect unauthorized access on this workstation?

A) anti-malware application
B) host-based firewall
C) host-based intrusion detection system
D) auditing application

A

Host-based intrusion detection system

Host-based intrusion detection system is correct. A host-based intrusion detection system (HIDS) monitors a specific host for suspicious behavior that could indicate someone is trying to break into the system.

52
Q

After an incident, you have discovered that many users have been using your company’s Internet service to download screensavers and other types of add-on software to their work computers, much of which software contains pop-up ads. How can you apply improvements to help mitigate security issues with users’ private data being transmitted outside of the network through adware?

A) web authentication
B) caching proxy server
C) anti-malware scanning
D) host-based firewall monitoring outgoing connections

A

Host-based firewall monitoring outgoing connections

A host-based firewall monitors all inbound and outbound connections. After an incident, you can ensure your rules block applications trying to create an outbound connection inappropriately.

53
Q

Which of the following techniques can you implement to prevent command injection?

A) escape command characters
B) use SQL injection
C) fuzz input
D) disable cut-and-paste functionality

A

Escape command characters

Escaping is a technique applied when processing input fields: any command characters inserted into the input are treated as literal text data rather than as commands, so they cannot be run.

54
Q

You are a cybersecurity analyst that is implementing a new SOAR tool within your organization. You want to develop a list of step-by-step actions that need to occur within the SOAR process. Which is the appropriate name for this list?

A) playbook
B) policy
C) SIEM
D) runbook

A

Playbook

A playbook lists step-by-step actions that need to occur within the security orchestration, automation, and response (SOAR) process. The actions typically need to be performed by humans, so the playbook serves as the definitive guide to ensure that any documentation, required reporting, or other mandated actions that require human involvement and decision-making occur exactly when they should.

55
Q

Which of the following is not a common mobile deployment model?

A) virtual desktop infrastructure
B) bring your own device
C) corporate-owned personally enabled
D) work from home

A

Work from home

This is not a mobile device deployment model. Any of the common mobile deployment models can work in this situation.

56
Q

A number of recent security incidents have occurred on one of your servers because ping and traceroute services are enabled. You could disable __________ to prevent these security issues from recurring.

A) DNS
B) NTP
C) ICMP
D) SNMP

A

ICMP

The Internet Control Message Protocol (ICMP) is the core protocol used by the ping and traceroute utilities for network diagnostics, and it should be disabled on the server.

57
Q

Which of the following security techniques is best suited to prevent, detect, and mitigate physical theft of high-value corporate equipment?

A) perimeter fencing
B) security guards
C) security lighting
D) video surveillance

A

Security guards

Security guards regularly patrolling the facility and monitoring CCTV can detect and respond immediately to security occurrences as they happen and prevent any equipment from leaving the building.

58
Q

You need to set up security controls to help your company prevent data loss when customer credit card information is being sent outside of your network via e-mail. Which of the following technologies should you implement?

A) content filter
B) anti-spam filter
C) firewall
D) caching proxy server

A

Content Filter

A content filter can scan outbound messages for patterns that match credit card numbers, and then block or quarantine these messages to prevent them from being sent outside of the company’s network.

59
Q

Which of the following security measures for wireless networks prevents specific computer systems from accessing the wireless network while allowing others based on the hardware address of the system?

A) WPA3 encryption
B) SSID
C) WPA2 encryption
D) MAC address filtering

A

MAC address filtering

Media Access Control (MAC) address filtering ensures that only specific systems can access the wireless network. The hardware MAC address of each authorized system is programmed into the wireless network base stations so that only those hardware addresses can connect.

60
Q

You are hardening all the network servers in your environment to make sure each server is running only the minimum services required for its task. Which of the following network services would you disable on your public web server?

A) TCP/IP
B) HTTPS
C) telnet
D) HTTP

A

Telnet

The Telnet service provides remote access and should be disabled on this web server to prevent hackers from connecting to it.

61
Q

You are the first responder to a security incident in which a web server has been hacked and has stopped operating. On the console screen is an error message that includes a message from the hacker. Which of the following actions should you perform to help preserve evidence of the incident?

A) take a picture of the screen with the error message
B) restart the system to restore operations
C) perform a backup of the web server
D) restart the system and print out the error logs

A

Take a picture of the screen with the error message

You should immediately take a picture of the screen showing the error and the hacker’s message, because if you restart the server you won’t be able to see this message again.

62
Q

As the IT administrator for your organization, you have been contacted by your organization’s general counsel and instructed to begin collecting evidence for a pending investigation of an employee’s alleged use of the organization’s network for illegal purposes. What do you need to formally initiate?

A) order of volatility
B) legal hold
C) chain of custody
D) acquisition

A

Legal hold

If your legal counsel determines that evidence should be collected for any reason, be it a pending investigation, litigation, or other situation where evidence would be required, a legal hold must be formally initiated. A legal hold halts the usual backup and disposition processes, and immediately puts your personnel into data protection mode.

63
Q

A two-factor authentication method utilizing a token generated from a mobile application along with a username and password combination is likely which type of solution?

A) SSH
B) one-way hash
C) TOTP
D) SSL

A

TOTP

A time-based one-time password (TOTP) allows a user to log in to a system with a username and password combination and then use a one-time token, generally generated from a separate device.

64
Q

Your quality assurance team is testing a new web application and requires several servers on-site to properly test the application on different operating systems. Due to budget and resource constraints, your company does not have enough physical servers to cover the testing requirements and provide adequate security for each system. Which of the following technologies could you implement?

A) firewall DMZ
B) web-caching proxy
C) virtualization
D) cloud computing

A

Virtualization

Virtualization allows you to run several operating system instances on a single hardware device. Each virtual machine runs in its own CPU and memory environment and is isolated from the other virtual machines running on the same system.

65
Q

You are creating new access policies for clients that connect to your network. You want the policies to ensure that, before they can access the network and its resources, all clients are running a specific minimum version of their operating system and that their antivirus signature files are less than 30 days old. Which of the following should you implement?

A) VLAN
B) screened subnet
C) NAC
D) NAT

A

NAC

Using network access control (NAC), you can define a minimum set of parameters that clients must adhere to before they can connect to your network. NAC typically installs a user agent on the client that analyzes the system and compares its configuration to your policies.

66
Q

One of your network devices allows remote management capabilities through a web browser. Which of the following secure methods should you use to connect to the remote management console?

A) HTTP connection from internal network
B) HTTP connection from external network
C) HTTPS connection from internal network
D) HTTPS connection from external network

A

HTTPS connection from internal network

For the highest security, you should use a Hypertext Transfer Protocol Secure (HTTPS) connection from an internal network.

67
Q

Despite lengthy quality assurance testing, your application was discovered to have a vulnerability, which was exploited by a hacker. You decide to implement additional testing that requires a tester who is not familiar with the application. Which of the following testing techniques can you use to simulate the actions of a user who has no knowledge of the system and is seeing it for the first time?

A) unknown environment penetration testing
B) input validation
C) fuzzing
D) integration testing

A

Unknown environment penetration testing

Unknown environment penetration testing is correct. Unknown environment penetration testing examines your system’s security by simulating an attack from a user who is seeing this system or application for the first time and therefore can be a very objective and unbiased evaluator.

68
Q

You have noticed a severe degradation in the spam capture rate of your anti-spam filter, and many spam messages seem to evade security controls and are passed to your users’ inboxes. Which of the following issues could be the problem?

A) spam mail accidentally trained as legitimate mail
B) poisoned DNS server
C) operating system requiring new software updates
D) outbound content filter not configured properly

A

Spam mail accidentally trained as legitimate mail

Spam mail accidentally trained as legitimate mail is correct. Your anti-spam filter is constantly training on spam and legitimate e-mail messages, and at some point, the training database could have been corrupted by spam that was trained as trusted, legitimate mail.

69
Q

A remote worker has brought his laptop into the office from home because it is infected with malware. As part of your security baselines, all user systems have anti-malware applications installed. Which of the following is the most likely cause of the malware issue on the laptop?

A) scheduled anti-malware scans are disabled
B) anti-malware signature files are out of date
C) the network firewall is disabled
D) malware was downloaded from the internet

A

Anti-malware signature files are out of date

If the anti-malware signatures are out of date, the infection may have been a very new piece of malware that is detected by a recent signature update that was not installed on the laptop.

70
Q

You need to distribute downloadable software from your organization’s website to customers. To ensure customers that the contents of the downloaded software have not been altered or tampered with in any way, which of the following actions should you perform?

A) create a certificate for the files
B) encrypt the file
C) set a file password
D) create a hash of the file

A

Create a hash of the file

To validate that a file has not been modified, the file should include a hash or checksum that the user can compare to the checksum of the downloaded file.

71
Q

You are performing a risk assessment of your organization’s networks and systems. Which of the following risk assessment concepts is the primary factor in deciding how to budget for appropriate security controls?

A) residual risk
B) threat of natural disasters
C) risk likelihood and impact
D) qualitative costs

A

Risk likelihood and impact

The likelihood and impact of the risk have a direct bearing on how much you want to budget for appropriate security controls to prevent the risk from occurring.

72
Q

Which of the following security mitigation techniques is most likely to help detect a zero-day attack targeting an organization’s users?

A) logging and auditing
B) firewall
C) antivirus software
D) awareness training

A

Awareness training

With awareness training, users can recognize the signs of suspicious messages, viruses, malware, and phishing links that should be brought to the attention of the administrator before they spread through the company’s network. This can be effective even if there are no signatures available for a threat.

73
Q

An end user was using your web application when it suddenly crashed and allowed the user access to a command-line prompt with administrator access to the system. Which of the following is the security issue with your application?

A) buffer overflow
B) command injection
C) transitive access
D) fuzzing

A

Transitive access

Transitive access occurs when a user is inadvertently given advanced access to another part of the application or the system on which it is hosted. You must ensure that your application does not allow transitive access in the event of a crash or malfunction.

74
Q

Company computers and Internet access are being used after work hours to download illegal movies and music. Which of the following account policies can you implement to prevent this activity?

A) account expiry dates
B) limitation on logon attempts
C) machine restrictions based on MAC address
D) time restrictions

A

Time restrictions

You can disable system access after a certain time so that no users are logged in to their computers after hours.

75
Q

You are creating a VPN for your organization so that users can access the network via the Internet when working remotely from home and when traveling. Which of the following protocols should you use to encrypt VPN traffic?

A) IPSec
B) S/MIME
C) SSH
D) MD5

A

IPSec

IP Security (IPSec) provides encryption, integrity, and authentication for data tunneled over virtual private networks (VPNs) across public networks.

76
Q

You need to prevent attacks on your company’s wireless network by securing the access points from unauthorized remote access. Which of the following security techniques should you implement?

A) disable 802.11g/n mixed mode
B) disable SSID broadcast
C) enable authentication with strong passwords
D) restrict remote access to direct wired connections

A

Enable authentication with strong passwords

Enable authentication with strong passwords is correct. By using a strong authentication method, you reduce the risk that a malicious user can hack into the admin account on the access point.

77
Q

You have installed an e-mail server behind your firewall and need to configure your firewall access rules to allow mail delivery traffic through the firewall both to and from the Internet. To accomplish this, you need to allow which TCP port?

A) 25
B) 143
C) 443
D) 110

A

25

TCP port 25 is used by the Simple Mail Transfer Protocol (SMTP) to connect to and deliver mail between e-mail servers.

78
Q

You are performing a one-time electronic transaction with another organization, and the transaction needs to be encrypted. For efficiency and simplicity, you want to use a single key for encrypting and decrypting the message. Which of the following cryptography types should you use?

A) asymmetric
B) symmetric
C) steganography
D) hashing

A

Symmetric

In a symmetric encryption scheme, both parties use the same key for encryption and decryption purposes. The sender uses the key to encrypt the message and then transmits that message to the receiver. The receiver, who is in possession of the same key, uses it to decrypt the message.

79
Q

Which of the following security measures for wireless networks best helps prevent direct hacking attempts on your wireless access points?

A) use strong access point passwords
B) enable UPnP on the access point
C) lower the power of wireless transmissions on the access points
D) enable SSID broadcast

A

Use strong access point passwords

If a hacker gains management access to the access point through a wired or wireless connection, he can apply brute-force attacks against the admin credentials of the device. Using strong passwords helps prevent these types of attacks.

80
Q

You are reviewing the power requirements for a data center of several web servers and back-end database servers. These servers are critical and must be available at all times during a power outage. Which of the following power devices should you install?

A) UPS
B) power conditioner
C) battery backup
D) gas-powered generator

A

Gas-powered generator

The data center requires a gas-powered generator that can provide power continuously until electrical power is restored.