Practice Test 4 Flashcards

1
Q

Josh, as an administrator for a health care company, is required to support an older, legacy application. He’s concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this?

A) Use an application container
B) Implement SDN
C) Run the application on a separate VLAN
D) Insist on an updated version of the application

A

A) Use an application container

The best option is an application container, which isolates the application from the host operating system so that the application runs in its own isolated environment. SDN is software-defined networking, which will not accomplish the task at hand. Running the application on a separate VLAN does nothing to isolate it from the host operating system, and insisting on an updated version of the application still does not accomplish the task.

2
Q

What type of attack is based on sending more data to a target than the target can hold?

A) Bluesnarfing
B) Buffer overflow
C) Bluejacking
D) DDoS

A

B) Buffer overflow

Sending more data to a target than it is capable of holding is called a buffer overflow attack. Bluesnarfing and bluejacking are both Bluetooth attacks, and a DDoS is not described in this scenario.

3
Q

Pat is working to allocate appropriate numbers of IP addresses for various subnets in his company's network. What would be the proper CIDR notation for an IPv4 subnet with 72 nodes?

A) /27
B) /29
C) /24
D) /26

A

C) /24

A /24 provides 256 addresses (254 usable hosts), which is enough for 72 nodes. Options /27 (32 IPs), /29 (8 IPs) and /26 (64 IPs, only 62 usable hosts) all yield subnets that are too small.

4
Q

Mark noticed that one of the employees at his company tethers to his smartphone to bypass corporate web security to access prohibited websites while still being connected to the LAN. What is the best way to prevent this?

A) Disable wireless access
B) Implement a WAF
C) Implement a policy against tethering
D) Implement a HIPS

A

C) Implement a policy against tethering

To be effective here, you'd need to implement a policy against tethering, so that violations can carry repercussions. Implementing a WAF wouldn't help much, as that is a firewall for web applications; disabling wireless access wouldn't help because the employee isn't using company wireless; and a HIPS only monitors the host it is installed on, so it doesn't help unless it runs on the machine that is being tethered.

5
Q

Joe is concerned about attacks to an e-commerce server. He’s especially concerned about a cross-site scripting attack and SQL injection. Which of the following would defend against these two attacks?

A) Encrypted web traffic
B) Filtering user input
C) A firewall
D) An IDS

A

B) Filtering user input

Filtering user input is the best way to defend against these two attacks. Encrypting web traffic would have no effect on them. A web application firewall (WAF) can mitigate these attacks, but it is secondary to filtering user input, and an IDS only detects attacks and doesn't stop them.

6
Q

You are currently testing your company network for security issues. The test you’re conducting involves using automated and semi-automated tools to look for known vulnerabilities with various systems. Which of the following best describes this test?

A) Vulnerability scan
B) Penetration test
C) Security audit
D) Security test

A

A) Vulnerability scan

Vulnerability scans use automated tools to find known vulnerabilities, so this is the correct answer. Penetration tests typically go on to exploit the vulnerabilities found and break into networked systems, while security audits typically focus on checking policies, incident reports, and documents. "Security test" is a broad, generic term for any test of network security.

7
Q

You are responsible for the web application security for your company’s e-commerce server. You’re especially concerned with XSS and SQL injection. Of the following, which technique would be the most effective at mitigating these attacks?

A) Proper error handling
B) The use of stored procedures
C) Proper input validation
D) Code signing

A

C) Proper input validation

Both of these attacks are typically mitigated with input validation, which helps prevent XSS and SQL injection from happening. Error handling doesn't mitigate attacks. Stored procedures are useful, but they don't prevent these attacks, and code signing is used for code downloaded from the web to protect the client computer, not the web application itself.

8
Q

Of the listed principles, which one states that multiple changes made to computer systems shouldn’t be made simultaneously?

A) Due diligence
B) Acceptable use
C) Change management
D) Due care

A

C) Change management

Change management is a process which states that multiple changes should never be made to a network and its computers simultaneously. It also documents every change made, which assists with problem tracking. Due diligence is an investigation, acceptable use policies determine what you can and cannot do on a corporate network, and due care is the extra effort you make to avoid harm to another party.

9
Q

Thomas is seeking options for controlling physical access to the server room. He would like a hands-free solution. Which of the following would be his best choice?

A) Smart cards
B) Proximity cards
C) Tokens
D) Fingerprint scanner

A

B) Proximity cards

The best choice for a hands-free solution is proximity cards, as they only need to be within close range of the reader to work. Smart cards have to be inserted or swiped, tokens don't have a hands-free option, and fingerprint scanners are not hands-free because the user has to place a finger on the scanner.

10
Q

Kim would like to implement a server authentication method that depends on TPM in a server. What’s the best approach?

A) Hardware-based access control
B) Software-based access control
C) Digital certificate-based access control
D) Chip-based access control

A

A) Hardware-based access control

A TPM can be used for authentication, so hardware-based access control is the best approach. With hardware-based access control, you need the chip in order to access the information on the machine. Software-based access control isn't related to this scenario, digital certificates aren't directly related to this scenario, and "chip-based access control" is not an industry term.

11
Q

Josh manages network security at his company and has noticed that NTP is not working correctly. What security protocol will be affected by this?

A) RADIUS
B) DNSSEC
C) IPSec
D) Kerberos

A

D) Kerberos

Kerberos uses a key distribution center (KDC) that issues tickets with time limits. If clocks are not synchronized, tickets appear to have expired and cannot be used. The other options are incorrect because they function without a dependency on time synchronization.

12
Q

Brandon is a network administrator and has received a popup window that tells him his files are now encrypted and he must pay a certain amount of bitcoins to get them decrypted. He tried to check the files in question, but their extensions have all changed and he cannot open them. What best explains the given scenario?

A) His machine has a rootkit
B) His machine has ransomware
C) His machine has a logic bomb
D) His machine has been the target of whaling

A

B) His machine has ransomware

Brandon's machine has been infected by ransomware. Ransomware encrypts files, effectively holding them "hostage", and demands payment in return for decrypting them. Rootkits provide administrative access, logic bombs execute when certain conditions are met, and nothing in this scenario describes whaling.

13
Q

Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business?

A) A detailed credit investigation prior to acquisition
B) A third-party source-code escrow
C) Substantial penalties for breach of contract
D) Standby contracts with other vendors

A

B) A third-party source-code escrow

The correct answer is a source-code escrow. This grants you the source code in the event the vendor goes out of business, so you can maintain the software yourself. A detailed investigation is a good idea, but it won't help you once a vendor is failing. Penalties for breach of contract are no longer effective when a vendor goes out of business, and even if another vendor enters a standby contract with you, they can't do what they need to without the source code.

14
Q

Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings?

A) DDoS
B) SYN flood
C) Buffer overflow
D) ARP poisoning

A

B) SYN flood

SYN flood is the correct answer. A large number of half-open connections is the classic sign of a SYN flood attack. Nothing in the question indicates a DDoS attack. Buffer overflows involve sending too much data to a target, and ARP poisoning alters ARP tables and doesn't produce half-open connections.

15
Q

Cassie is worried about credential management on a network where users often have over six passwords to remember. She’s currently interested in finding a solution to this problem. Which would be the best way to address this issue?

A) Implement a manager
B) Use short passwords
C) Implement OAuth
D) Implement Kerberos

A

A) Implement a manager

The best way to address this issue is to implement a password manager. Using short passwords is a security risk. OAuth allows a user's account information to be shared, and Kerberos will not reduce the number of passwords that must be remembered.

16
Q

Wayne works for a large law firm and manages network security. It’s common for guests who come to the law firm to need to connect to the WiFi. He wishes to ensure that he provides maximum security when these guests connect using their own devices, but also seeks to provide assurance to the guests that his company will have minimal impact on their devices. What is the best solution?

A) Permanent NAC agent
B) Agentless NAC
C) Dissolvable NAC agent
D) Implement COPE

A

C) Dissolvable NAC agent

Network Access Control (NAC) systems can perform a health check on devices to make sure they meet minimum security standards before connecting. A dissolvable agent removes itself after the check, so it leaves minimal footprint on a guest's device. A permanent NAC agent would have a lasting impact on visitor devices, agentless NAC has less impact, and COPE devices can't be handed out to guests.

17
Q

Which encryption type offers easy key exchange and key management?

A) Obfuscation
B) Asymmetric
C) Symmetric
D) Hashing

A

B) Asymmetric

Asymmetric encryption is the type that provides easy key exchange and key management; it is also the system that protects keys from loss or misuse. Obfuscation is the process of making something difficult to read, symmetric encryption uses the same key to encrypt and decrypt, and hashing ensures data integrity.

18
Q

Amy manages mobile device security for her company, an insurance firm. The company currently uses BYOD. She’s concerned about employees’ personal device usage compromising company data on the mobile devices. What technology could best assist with this concern?

A) Containerization
B) Screen locks
C) FDE
D) Biometrics

A

A) Containerization

Containerization is the best resource here, since it creates a secure, isolated area for company applications and data that is separated from the rest of the phone. Screen locks do not address this concern, FDE is a good idea but doesn't segregate data, and biometrics are useful for authentication but do not address this issue.

19
Q

Which is a term for technical controls?

A) Access controls
B) Logical controls
C) Detective controls
D) Preventative controls

A

B) Logical controls

Technical controls are logical controls. These are controls you use to restrict data access, such as applications, devices, and encryption. Access controls can be technical controls, but the term also encompasses other things. Detective controls detect events but do not prevent them, and preventative controls are typically used to help avoid a security breach.

20
Q

John is a sales manager at his company. He has recently received an email asking him to click a link to fill out a survey. The email seems suspicious but it does mention a major association of which he’s familiar, and makes him think it may be a legitimate email. Of the following, which best describes this attack?

A) Phishing
B) Social engineering
C) Spear phishing
D) Trojan horse

A

C) Spear phishing

The correct answer is spear phishing. Spear phishing targets a specific group, and it's relatively easy to do when attackers can identify individuals from public sources via open-source intelligence. Phishing is too broad a term. Social engineering is incorrect; while it is part of every phishing attack, this scenario is more specific than social engineering. A Trojan horse or other malware is not part of this attack.

21
Q

Lisa manages incident response for a bank. The bank has a website that's been attacked. The attacker used the login screen, and rather than entering proper login credentials, the attacker entered some odd text: ' or '1'='1. What is this attack known as?

A) Cross-site scripting
B) Cross-site request forgery
C) SQL injection
D) ARP poisoning

A

C) SQL injection

The correct answer is SQL injection. The text in the question is a classic example of a basic SQL injection that attempts to log in to a site. Cross-site scripting uses JavaScript, cross-site request forgery doesn't involve entering text, and ARP poisoning alters an ARP table, which isn't related to website hacking.

22
Q

Which plan identifies critical systems and components to ensure assets are safe and protected?

A) DRP
B) BCP
C) IT contingency plan
D) Succession plan

A

B) BCP

A business continuity plan identifies critical systems and components that need to be protected. A DRP (disaster recovery plan) describes the disaster recovery strategy, such as how the company will recover with minimal lost time and money; an IT contingency plan specifies alternate procedures for disruptions of service; and a succession plan covers who takes over when someone leaves the company.

23
Q

Wanda is responsible for network connectivity for her company. The sales department is transitioning to VoIP. What two protocols must be allowed through the firewall for this to be successful?

A) RADIUS and SNMP
B) TCP and UDP
C) SIP and RTP
D) RADIUS and SIP

A

C) SIP and RTP

VoIP works with SIP and RTP. SIP is the Session Initiation Protocol and RTP is the Real-time Transport Protocol; they are used to establish the call and carry the media. RADIUS is a remote authentication protocol, SNMP is used to manage network devices, and TCP and UDP are transport protocols rather than VoIP-specific ones.

24
Q

James is worried about how his company will respond to breaches. He’s interested in finding a way that will identify files that have been altered during the breach. What is the best solution for him to implement?

A) NAC
B) NIDS
C) File integrity checker
D) Vulnerability scanner

A

C) File integrity checker

File integrity checkers store hashes of files and compare them later, so they can detect changes to any file. NAC is used to ensure devices meet minimum security standards, a NIDS doesn't know whether files have been altered, and a vulnerability scanner only scans for known vulnerabilities.

25
Q

Jason needs to renew the certificate for his company’s web server. Which of the following is recommended to be submitted to the CA?

A) CSR
B) Key escrow
C) CRL
D) OCSP

A

A) CSR

A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, a CRL is a list of revoked certificates, and OCSP (Online Certificate Status Protocol) returns the status of a certificate, such as "good", "revoked" or "unknown".

26
Q

You have recently completed a review of company network traffic and saw where most of the malware infections are caused by users who visit illicit websites. You would like to implement a solution that will block these websites while scanning all network traffic for signs of malware and block the malware before it enters the company network. Which technology would be the best solution?

A) IDS
B) Firewall
C) UTM
D) SIEM

A

C) UTM

Unified Threat Management (UTM) devices combine a firewall, IDS, antivirus and other functions such as web filtering in one appliance. An IDS only detects intrusions, a firewall only blocks traffic by rule, and a SIEM is used for log aggregation.

27
Q

Of the items listed, which provides additional encryption strength by repeating the encryption process with additional keys?

A) 3DES
B) AES
C) Twofish
D) Blowfish

A

A) 3DES

3DES (Triple DES) adds encryption strength by running the DES encryption process three times with additional keys. None of the other options repeat the encryption process in this way.

28
Q

Choose the attack that depends on the attacker entering JavaScript into a text area that is intended for users to enter text that can be viewed by other users:

A) SQL injection
B) Clickjacking
C) Cross-site scripting
D) Bluejacking

A

C) Cross-site scripting

Cross-site scripting is the correct answer. XSS involves entering a script into a text area whose content other users can view. SQL injection involves entering SQL commands rather than scripts, clickjacking tricks users into clicking the wrong thing, and bluejacking is a Bluetooth attack.

29
Q

Backup tapes are stored off-site. What should be done with them?

A) Generate a file hash for each backup file
B) Scan the backup date for viruses
C) Perform a chain of custody on the backup tape
D) Encrypt the backup data

A

D) Encrypt the backup data

The backup data should be encrypted before the tapes are stored off-site, so that if a tape is lost or stolen the data on it remains protected. File hashes verify integrity, scanning for viruses isn't part of the backup process, and chain of custody applies when evidence is needed.

30
Q

Josh is a bank manager and has suspicions that one of his tellers has stolen money from their respective station. After talking with his supervisor, he places the employee on leave with pay, changes their computer account to suspended, and takes their prox card and building keys. Which procedure was followed?

A) Mandatory vacation
B) Exit interview
C) Adverse actions
D) Onboarding

A

C) Adverse actions

The procedure that was followed is adverse actions: actions taken against an employee when wrongdoing has been found. Mandatory vacation is used to detect fraud, exit interviews are used when an employee leaves the company to find out what the company could do better, and onboarding is used when an employee or vendor is added to the systems.

31
Q

You’re responsible for network protocols. The network time protocol has been failing periodically. What is the most affected?

A) Kerberos
B) RADIUS
C) CHAP
D) LDAP

A

A) Kerberos

Kerberos is the best option. This system uses various tickets, each with a certain time limit. The tickets are typically only good for five minutes or less. The other options are incorrect because none of them are significantly affected by a time protocol failure.

32
Q

Nate is considering the use of biometric access control systems for his company. He’s concerned about the crossover error rate (CER), so which of the following processes would most accurately describe the CER?

A) The rate of false acceptance
B) The rate of false rejection
C) The point at which false rejections outpace false acceptances
D) The point at which false rejections and false acceptances are equal

A

D) The point at which false rejections and false acceptances are equal

The CER is the point at which the false rejection rate and the false acceptance rate are equal. The other options do not describe the CER.

33
Q

Your supervisor has asked you about protecting the privacy of personally identifiable information (PII) that is collected. As the security administrator, which is the best option to meet these requests?

A) PIA
B) BIA
C) RTO
D) SPF

A

A) PIA

A PIA is a privacy impact assessment, which evaluates how the PII in the company's possession is collected, handled and protected. A Business Impact Analysis (BIA) determines the effects of an interruption, the Recovery Time Objective (RTO) is the time it takes for services to be restored following a disaster, and SPF is a single point of failure, which does not assist with privacy.

34
Q

Alissa manages network security at her company. She’s had several calls from users stating that their personal data is being stolen when they use the wireless network. Several of them have insisted they only connect to the corporate wireless access point (WAP), but logs for the WAP show the users have never connected to it. Which of the following explains this situation?

A) Session hijacking
B) Clickjacking
C) Rogue access point
D) Bluejacking

A

C) Rogue access point

A rogue access point appears to be the same WAP that users have always used, but actually leads to a different device, which is why the trusted WAP's logs don't show the users connecting. Session hijacking involves taking over an authenticated session, clickjacking involves causing users to click on the wrong item or visit other websites, and bluejacking is a Bluetooth attack.

35
Q

Isaac is in need of an authentication protocol that would be effective when it comes to stopping a session hijacking. Which of the following would be the best choice?

A) CHAP
B) PAP
C) SPAP
D) RADIUS

A

A) CHAP

CHAP is the best choice, as it can periodically re-authenticate the client with a new challenge during the session, which helps detect a hijacked session. The other options do not provide this.

36
Q

Scott works for a large bank that is trying to limit the risk associated with unapproved USB devices to company documents. Which is the best solution for this problem?

A) IDS
B) DLP
C) Content filtering
D) NIPS

A

B) DLP

DLP (data loss prevention) can limit what company documents can be copied to unapproved USB devices. IDS, content filtering and NIPS would not address this scenario.

37
Q

You work for a company that is issuing portable devices to employees for both work and personal use. The company is doing this so they can control the security of the devices. As an employee, what issue is raised by using a company-owned device for your work-related data and personal use?

A) Personal information being exposed
B) Company data being exfiltrated
C) Devices being insecurely configured
D) No issues

A

A) Personal information being exposed

With a company-owned device, you can still use the device for personal purposes and save personal information on it, so your personal and private data is exposed to your company. By storing personal data on a company-owned device, the employee gives up some privacy. All other options are incorrect.

38
Q

JB is a security administrator for a bank and has discovered a piece of software on the database server that is not supposed to be there. It looks as though the software will begin deleting files if a certain employee is terminated. What best describes this process?

A) Worm
B) Logic bomb
C) Trojan horse
D) Rootkit

A

B) Logic bomb

Logic bomb is the correct answer. Logic bombs are a type of malware that performs its activity when certain conditions are met. Worms self-propagate, a Trojan horse is malware attached to a program, and rootkits are malware that obtain administrative privileges.

39
Q

Of the listed principles, which process would transpire if a user provides a correct username and password?

A) Identification
B) Authentication
C) Authorization
D) Accounting

A

B) Authentication

Authentication is what happens when a user provides a correct username and password. Identification is when you claim an identity, authorization is when you're granted access, and accounting is the logging of information related to specific accounts, processes, and so on.

40
Q

Choose the appropriate attack that sends two different messages using the same hash function, therefore, causing a collision:

A) Xmas attack
B) DoS
C) Logic bomb
D) Birthday attack

A

D) Birthday attack

Of the options listed, the attack that sends different messages through the same hash function to cause a collision is a birthday attack. An Xmas attack sends TCP packets with many flags set to scan a system, a DoS attack prevents access to services or resources on a network, and a logic bomb activates when specific conditions are met.

41
Q

Jakob is worried that someone will use a password cracker on the computers in his company. He’s concerned that common passwords will be attempted in order to gain access to a system. Which would be the best option to mitigate the threat?

A) Password age restrictions
B) Password minimum length requirements
C) Account lockout policies
D) Account usage auditing

A

C) Account lockout policies

The best way to mitigate a password cracker is to lock accounts out after a small number of failed login attempts. Typically, companies use 3 attempts. Password aging forces users to change passwords but doesn't affect guessing attempts. Longer passwords are harder to guess but don't stop repeated guessing, and account usage auditing has nothing to do with this issue.

42
Q

As the security manager, you need to reduce the risk of employees working in collusion to embezzle funds. Which process would you implement?

A) Mandatory vacations
B) Clean desk
C) NDA
D) Continuing education

A

A) Mandatory vacations

The process that should be implemented is mandatory vacations, which are used to detect fraud. A clean desk policy ensures all sensitive documents are removed from a desk and locked up, an NDA is a nondisclosure agreement that prevents sensitive data from being shared, and continuing education does not apply here.

43
Q

Of the listed items, which is not a step of the incident response process?

A) Snapshot
B) Preparation
C) Recovery
D) Containment

A

A) Snapshot

The incident response process does not include snapshot as a step. All other options are steps of that process.

44
Q

Sharon is responsible for the security on web applications. She’s looking to see if all applications have input validation. What is the best way to implement validation?

A) Server-side validation
B) Client-side validation
C) Validate in trust
D) Client-side and server-side validation

A

D) Client-side and server-side validation

The best option is client-side validation combined with server-side validation. Using both together gives Sharon the best validation solution. Server-side validation alone and client-side validation alone are both incorrect, and "validate in trust" is not a validation method.

45
Q

Gary is concerned about unauthorized people entering the company’s building. Of the following, which would be most effective in preventing this?

A) Alarm systems
B) Fencing
C) Cameras
D) Security guards

A

D) Security guards

Of the options listed, security guards are the most effective way to prevent unauthorized access to the building. The other options detect or deter but do not prevent access.

46
Q

Of the following, which is the most significant disadvantage of federated identities?

A) They cannot be used with Kerberos
B) They don’t implement least privileges
C) Poor password management
D) Transitive trust

A

D) Transitive trust

The most significant disadvantage of federated identities is transitive trust: the security of federated identities depends on the security of the other parties. Kerberos can be configured to work with them, and federated identities don't affect password management or least privilege.

47
Q

Which of the following works like stream ciphers?

A) One-time pad
B) RSA
C) AES
D) DES

A

A) One-time pad

Stream ciphers work similarly to one-time pads and are designed to provide the same kind of protection as an OTP. RSA is an asymmetric algorithm, AES is a symmetric block (not stream) cipher, and DES is a symmetric block cipher as well.

48
Q

Matthew is working to select an authentication method for his company that will support REST as well as many web-based and mobile clients. Which of the following would be the best choice?

A) Shibboleth
B) RADIUS
C) OpenID Connect
D) OAuth

A

C) OpenID Connect

OpenID Connect works with OAuth and supports REST (Representational State Transfer, a style of API). Shibboleth uses SAML and works over the Internet, RADIUS is a remote access protocol, and OAuth alone allows a user's information to be shared without exposing their password.

49
Q

Lori is concerned about DHCP starvation attacks, especially since learning that anyone can download a software called a “gobbler” and use it to execute a DHCP starvation attack. What technology would help mitigate this risk?

A) Encrypt all DHCP communications with TLS
B) FDE on the DHCP server
C) Network Address Allocation
D) IPSec for all DHCP communications

A

C) Network Address Allocation

Network address allocation controls how network addresses are handed out (hence the name), for example by limiting the number of IP addresses that can be obtained, among other methods. Encrypting communications is a good idea but doesn't mitigate the issue, FDE doesn't mitigate it either, and IPSec could be a reasonable answer, but the transmission is not the issue in this scenario.

50
Q

Which is the least secure hashing algorithm?

A) MD5
B) RIPEMD
C) SHA-1
D) AES

A

A) MD5

The least secure hashing algorithm is MD5, which creates a 128-bit hash regardless of the length of the input. RIPEMD creates a 128-, 160-, 256- or 320-bit digest, SHA-1 creates a 160-bit hash regardless of the length of the input, and AES is an encryption algorithm, not a hashing algorithm.

51
Q

Jonathan works for a large bank and one of his responsibilities is to ensure that web bank logins are as secure as possible. He’s concerned that a customer’s account login could be compromised and someone else would gain access to that customer’s account. What is the best way to mitigate this threat?

A) Use SMS authentication for any logins from an unknown computer or location
B) Encrypt all traffic via TLS
C) Require strong passwords
D) Do not allow customers to log on from any place other than their home computer

A

A) Use SMS authentication for any logins from an unknown computer or location

Most banks have a policy of sending the customer an SMS message with a code (2FA). Bank web traffic is already encrypted with TLS; strong passwords are an excellent idea but don't address the problem at hand, and placing major restrictions on customers will give them another reason to go elsewhere.

52
Q

Peter manages network security at a large company and is concerned about the variety of attacks, specifically DNS poisoning. Which of the following would be the best option to mitigate this issue?

A) IPsec
B) DNSSEC
C) L2TP
D) TLS

A

B) DNSSEC

DNSSEC stands for Domain Name System Security Extensions; it is a group of extensions that add security to the DNS protocol, making it less susceptible to attacks such as DNS poisoning. IPSec and L2TP are VPN protocols, and TLS doesn't assist much with mitigating DNS poisoning.

53
Q

Janet has to deploy and support a legacy application where the configuration for this application and the OS are very specific and cannot be changed. Of the following options, which is the best approach to deploy this software?

A) Use an immutable server
B) Use a VM
C) Set permissions on the application so it cannot be changed
D) Place the application on a separate VLAN

A

A) Use an immutable server

An immutable server is a server whose configuration cannot be changed, which makes it the best option here. VMs are fully configurable. Permissions on the application do not prevent the OS from being changed, and placing the application on a separate VLAN doesn't address the aforementioned issues.

54
Q

Jay is a security administrator for a large company and has about 100 hosts on his network that were recently attacked by a virus. He’s concerned because there was a patch available that would have minimized the impact from the virus. What is the best solution to implement on the network?

A) Install patch management software
B) Using automatic updates
C) Putting unpatched machines on a Bridge
D) Scanning all machines for patches every day

A

A) Install patch management software

Patch management software will help roll out patches across the network. Automatic updates shouldn't be used on corporate networks if they will interfere with productivity and network consistency. Putting unpatched machines on a bridge will not solve the issue, and scanning all machines for patches every day will slow down production.

55
Q

Grady is seeking access control methods that enforce authorization rules by the OS. Users cannot override authentication or access control policies. Which of the following best suits these needs?

A) DAC
B) MAC
C) RBAC
D) ABAC

A

B) MAC

MAC (mandatory access control) best suits the requested needs because the rules are enforced by the OS. DAC doesn't centralize access control, RBAC is role-based, and ABAC works off environmental attributes.

56
Q

Eddie is your security manager and he received a call from law enforcement telling him that some of his computers on his network participated in a massive DoS attack. He’s certain that none of his employees would be involved in a cybercrime. What best explains the given scenario?

A) It is a result of social engineering
B) The machines all have backdoors
C) The machines are bots
D) The machines are infected with crypto-viruses

A

C) The machines are bots

The machines have become bots, and they act on commands from the central command station they are attached to. Social engineering is when someone tries to manipulate someone else into giving up information. Backdoors seem unlikely in this scenario, and crypto-viruses are not related to DDoS attacks.

57
Q

You currently work for a large company and are concerned about ensuring all workstations have a common configuration, do not contain a rogue software installation, and all patches are kept up to date. Of the following, which would be most effective to accomplish this?

A) Use VDE
B) Implement strong policies
C) Use an image for all workstations
D) Implement strong patch management

A

A) Use VDE

The best option is to implement a VDE, or virtual desktop environment. This would give you the opportunity to manage patches, configurations and software installations/updates/maintenance in a single location. Policies are great, but they do not accomplish the task at hand. An image for workstations is great for their original configuration, but it won't help keep patches up to date or prevent software from being installed. Strong patch management is great, but it doesn't address all of the requirements.

58
Q

You work for a company that has outsourced development of a specific application to a local programming firm, however, after three months of using the product, one of your accountants accidentally discovers a way to log in and bypass all security and authentication. Of the following options, what best describes this?

A) Logic bomb
B) Trojan horse
C) Backdoor
D) Rootkit

A

C) Backdoor

Backdoor is the correct answer. It's a method for bypassing normal security and directly accessing a system "through a back door". Logic bombs are malware files that activate when certain conditions are met, Trojan horses attach to a legitimate program, and rootkits have administrative privileges.

59
Q

Alissa has deployed session tokens on her network. What would these tokens be the most effective in protecting against?

A) DDoS
B) Replay
C) SYN flood
D) Malware

A

B) Replay

Session tokens are used to authenticate sessions and can protect you against replay attacks and session hijacking attacks. Session tokens cannot mitigate DDoS, SYN flood or malware attacks.

60
Q

Of the following, which is the most important benefit from implementing SDN?

A) It will stop malware
B) It provides scalability
C) It will detect intrusions
D) It will prevent session hijacking

A

B) It provides scalability

The most important benefit of a software-defined network (or SDN) is scalability. SDNs do not prevent malware, do not detect intrusions, and do not prevent session hijacking.

61
Q

Logan would like to test his company’s web application and evaluate if it’s handling input validation and data validation properly. Of the following, which testing method would be most effective for this scenario?

A) Static code analysis
B) Fuzzing
C) Baselining
D) Version control

A

B) Fuzzing

The best method to test input validation is fuzzing. Fuzzing is a technique where a tester intentionally enters wrong or malformed input to see how the application processes or handles the data. Static code analysis scans the source for issues, baselining establishes standards, and version control tracks changes to the versions of the code.

62
Q

Which recovery site is the easiest to test?

A) Warm site
B) Cold site
C) Hot site
D) Medium site

A

C) Hot site

The hot site is the easiest recovery site to test. Hot sites are set up and ready to go. Warm sites are harder because there are no employees or company data on site. The warm site contains very limited equipment, and the medium site is not an industry term.

63
Q

Walter is working to implement Type II authentication. Which would be the best example of type II authentication?

A) Strong passwords
B) Retinal scan
C) Smart cards
D) Timed one-time passwords

A

C) Smart cards

Type II authentication is something you have, such as a smart card. A strong password is something you know (type I), a retinal scan is something you are (type III), and TOTP is something you know (type I) as well.

Type I authentication - something you know
Type II authentication - something you have
Type III authentication - something you are

64
Q

Why might it not be advisable to conduct penetration tests on your corporate network?

A) It can be disruptive for the business activities
B) It is able to measure and authenticate the efficiency of a company’s defensive mechanisms
C) It’s able to find known and unknown hardware or software weaknesses
D) It permits the exploration of real risks and gives them a vivid picture of the company’s IT infrastructure security posture at any given time

A

A) It can be disruptive for the business activities

The main reason to avoid penetration tests is that they can disrupt business activities, including network operations. All other options are positive reasons why you should consider conducting a penetration test.

65
Q

Laura is concerned about social engineering, specifically that this technique could be used by an attacker to obtain information about their network, even those relating to passwords. What countermeasure can be taken to ensure she’s most effective in combating social engineering?

A) SPI firewall
B) IPS
C) User training
D) Strong policies

A

C) User training

Social engineering can only be countered by properly training and educating your users. There is no technology that can prevent social engineering, as your users are your weakest link. Strong policies only help if the users are well trained in those policies.

66
Q

Walt, a sales manager at your company, has been complaining about his computer performing slowly. When you investigate the issue, you noticed some spyware on his computer, but he insists the only thing he has downloaded lately was a freeware stock trading application. What best explains this situation?

A) Logic bomb
B) Trojan horse
C) Rootkit
D) Macro virus

A

B) Trojan horse

Trojan horse is the correct answer, because it attaches a malicious program to a legitimate program. When the user downloads and installs the legitimate program, they get the malicious program as well. Logic bombs are malware files that activate when certain conditions are met. Rootkits are malware files that gain administrative access, and macro viruses embed themselves in documents as macros (a set of actions).

67
Q

Which of the following statements is true about symmetric algorithms?

A) They hide data within an image file
B) They use one key to encrypt and another to decrypt data
C) They use a single key to encrypt/decrypt
D) They use a single key to create a hashing value

A

C) They use a single key to encrypt/decrypt

Symmetric algorithms use a single key to encrypt and decrypt data. Hiding data in an image file refers to steganography, asymmetric encryption is the process that uses a public/private key pair to encrypt and decrypt the data, and using a single key to create a hash value doesn't apply to this scenario.

68
Q

You’re responsible for server room security. You’re concerned about physical theft of computers. Of the following, which would best be able to detect theft or attempted theft?

A) Motion-sensor activated cameras
B) Smart card access to the server rooms
C) Strong deadbolt locks for server rooms
D) Logging everyone who enters the server room

A

A) Motion-sensor activated cameras

The best option for detecting server room theft would be motion-sensor-activated cameras, which record every entry into the server room. The other options are good security measures but won't provide the detection requested in this scenario.

69
Q

Kaye works for a large insurance company and manages their cybersecurity. She’s concerned about insiders and wants to be able to detect malicious activity but wants the detection process to be invisible to the attacker. What technology best fits these needs?

A) Hybrid NIDS
B) Out-of-band NIDS
C) NIPS
D) NNIDS

A

B) Out-of-band NIDS

An out-of-band NIDS places the management system on a different network, so it is the best option to meet the requested needs. A hybrid NIDS combines network and host IDS. A network IPS is easy to detect because it blocks the offending traffic, and a NNIDS (network node IDS) simply delegates IDS functions to individual nodes.

70
Q

Lonnie noticed that attackers have breached his WiFi network and have gained access via a wireless access point administrative panel and logged in with the credentials the WAP was shipped with. What best describes this issue?

A) Default configuration
B) Race conditions
C) Failure to patch
D) Weak encryption

A

A) Default configuration

The credentials the WAP was shipped with are a default configuration. Race conditions concern multithreaded applications that use shared variables. Patches do not change the default password, and encryption has no effect on logging in to the administrative panel.

71
Q

Michael is analyzing strange behavior by some of the computers on his network. He believes the machines contain some malware. The symptoms include strange behavior that continues even if they boot to a Linux Live CD. What is the most probable cause?

A) Ransomware
B) Boot sector virus
C) Rootkit
D) Keylogger

A

B) Boot sector virus

The best option is a boot sector virus, since it persists below the installed operating system. Ransomware demands a payment for you to regain access to your files. While rootkits can affect the boot sector, that doesn't match the scenario for this particular question. Nothing in this question indicates anything dealing with a keylogger.

72
Q

Laura manages DLP for a large company where some employees have COPE and some have BYOD. What DLP issue could these devices present?

A) COPE devices can be used as a USB OTG resource
B) BYOD devices can be used as a USB OTG resource
C) COPE and BYOD devices can be used as a USB OTG resource
D) Only jailbroken COPE or BYOD devices can be used as a USB OTG resource

A

C) COPE and BYOD devices can be used as a USB OTG resource

The correct answer is that both COPE and BYOD devices can be used as USB On-The-Go (OTG) devices. This should be a big concern for data loss prevention (DLP) because of the ease of exfiltrating data. A phone does not need to be jailbroken to act as a USB OTG resource.

73
Q

Josh is a security technician who’s been tasked with implementing PKI on the company’s network. When verifying the validity of the certificate, he needs to ensure bandwidth isn’t being consumed. What can be implemented?

A) CRL
B) OCSP
C) Key escrow
D) CA

A

A) CRL

A certificate revocation list, or CRL, can be implemented to provide a list of digital certificates that have been revoked and therefore no longer grant access. OCSP is a certificate status protocol, key escrow is key storage, and the CA is the certificate-issuing authority.

74
Q

Kristi is setting up database servers on their own subnet. She has placed them on 10.10.3.3/29. How many usable nodes can be allocated in this subnet?

A) 32
B) 16
C) 8
D) 6

A

D) 6

A /29 prefix leaves 3 host bits, which gives 2^3 = 8 addresses in the block; subtracting the network address and the broadcast address leaves 6 usable hosts. 32, 16, and 8 are therefore wrong. See CIDR number calculations.

75
Q

Name a process of deleting data by sending an eraser to clear the instruction in an address of nonvolatile memory.

A) Data-in-transit
B) Data-over-the-network
C) Data-in-use
D) Data-at-rest

A

D) Data-at-rest

Data-at-rest is data that is currently inactive but stored in digital form in places such as nonvolatile memory. Data-in-transit is data that is moving, data-over-the-network is not considered digital data, and data-in-use is data that is active and stored in volatile memory.

76
Q

CCMP is used in conjunction with what wireless algorithm?

A) WPA
B) TKIP
C) WPA2
D) AES

A

D) AES

AES is the Advanced Encryption Standard, the algorithm that does the actual encryption. It is combined with CCMP, which is Counter Mode with Cipher Block Chaining Message Authentication Code Protocol.

CCMP added some useful capabilities. One of them is data confidentiality, where only the parties authorized to receive information across the network can read that data. CCMP also provides authentication, so you can be assured that the user on the network really is the genuine user. Access control is implemented within CCMP as well, so access to the network can be allowed or disallowed based on your credentials.