Practice Test 4 Flashcards
Josh, as an administrator for a health care company, is required to support an older, legacy application. He’s concerned about the application having some vulnerabilities that would affect the remainder of the network. Of the following, which option is the most efficient way to mitigate this?
A) Use an application container
B) Implement SDN
C) Run the application on a separate VLAN
D) Insist on an updated version of the application
A) Use an application container
The best option would be to use an application container, which isolates the application from the host operating system by running it in its own virtual environment. SDN is software-defined networking, which will not accomplish the task at hand. Running the application on a separate VLAN has nothing to do with isolating it from the host operating system, and insisting on an updated version still does not accomplish the task.
What type of attack is based on sending more data to a target than the target can hold?
A) Bluesnarfing
B) Buffer overflow
C) Bluejacking
D) DDoS
B) Buffer overflow
Sending more data to a target than the target is capable of holding is called a buffer overflow attack. Bluesnarfing and bluejacking are both Bluetooth attacks, and a DDoS is not described in this scenario.
Pat is working to allocate appropriate numbers of IP addresses for various subnets in the network for his company. What would be the proper CIDR notation for an IP v4 subnet with 72 nodes?
A) /27
B) /29
C) /24
D) /26
C) /24
A /24 provides 256 addresses, enough for 72 nodes. Options /27 (32 IPs), /29 (8 IPs) and /26 (64 IPs) all yield subnets that are too small.
Mark noticed that one of the employees at his company tethers to his smartphone to bypass corporate web security to access prohibited websites while still being connected to the LAN. What is the best way to prevent this?
A) Disable wireless access
B) Implement a WAF
C) Implement a policy against tethering
D) Implement a HIPS
C) Implement a policy against tethering
To be effective here, you'd need to implement a policy against tethering so that violations can carry repercussions. Implementing a WAF wouldn't help much because that is a firewall; disabling wireless access wouldn't help because the employee isn't using company wireless; and a HIPS would only help if it were running on the machine being tethered.
Joe is concerned about attacks to an e-commerce server. He’s especially concerned about a cross-site scripting attack and SQL injection. Which of the following would defend against these two attacks?
A) Encrypted web traffic
B) Filtering user input
C) A firewall
D) An IDS
B) Filtering user input
Filtering user input is the best way to defend against these two attacks. Encrypting web traffic would have no effect on them. A web application firewall (WAF) can mitigate these attacks, but it is secondary to filtering user input, and an IDS only detects attacks and doesn't stop them.
You are currently testing your company network for security issues. The test you’re conducting involves using automated and semi-automated tools to look for known vulnerabilities with various systems. Which of the following best describes this test?
A) Vulnerability scan
B) Penetration test
C) Security audit
D) Security test
A) Vulnerability scan
Vulnerability scans use automated tools to find known vulnerabilities, so this is the correct answer. Penetration tests typically go further and exploit the vulnerabilities found to break into networked systems, while security audits typically focus on checking policies, incident reports, and documents. "Security test" is a broad, generic term for any type of test run against network security.
You are responsible for the web application security for your company’s e-commerce server. You’re especially concerned with XSS and SQL injection. Of the following, which technique would be the most effective at mitigating these attacks?
A) Proper error handling
B) The use of stored procedures
C) Proper input validation
D) Code signing
C) Proper input validation
These attacks are typically mitigated with input validation, which helps prevent XSS and SQL injection from happening. Error handling doesn't mitigate attacks. Stored procedures are useful but do not prevent attacks on their own, and code signing is used for code downloaded from the web to protect the client computer, not the web application itself.
Of the listed principles, which one states that multiple changes made to computer systems shouldn’t be made simultaneously?
A) Due diligence
B) Acceptable use
C) Change management
D) Due care
C) Change management
Change management is a process that states that multiple changes should never be made to a network and its computers simultaneously. It also involves documenting every change made, which assists with problem tracking. Due diligence is an investigation, acceptable use policies determine what you can and cannot do on a corporate network, and due care is the extra effort made to avoid harm to another party.
Thomas is seeking options for controlling physical access to the server room. He would like a hands-free solution. Which of the following would be his best choice?
A) Smart cards
B) Proximity cards
C) Tokens
D) Fingerprint scanner
B) Proximity cards
The best choice for a hands-free solution would be proximity cards, as they only need to be within close range of the reader to work. Smart cards have to be inserted or swiped, tokens don't have a hands-free option, and fingerprint scanners are not hands-free because the user must place a finger on the reader.
Kim would like to implement a server authentication method that depends on TPM in a server. What’s the best approach?
A) Hardware-based access control
B) Software-based access control
C) Digital certificate-based access control
D) Chip-based access control
A) Hardware-based access control
A TPM can be used for authentication, so hardware-based access control is the best approach: with hardware-based access control you need the chip in order to access the information on the machine. Software-based access control isn't related to this scenario, digital certificates aren't directly related to this scenario, and chip-based access control is not an industry term.
Josh manages network security at his company and has noticed that NTP is not working correctly. What security protocol will be affected by this?
A) RADIUS
B) DNSSEC
C) IPSec
D) Kerberos
D) Kerberos
Kerberos relies on a key distribution center (KDC) that issues keys and tickets with time limits. These expire after a certain amount of time and can no longer be used, so accurate time synchronization is essential. All other options are incorrect because they do not depend on time synchronization.
Brandon is a network administrator and has received a popup window that tells him his files are now encrypted and he must pay a certain amount of bitcoins to get them decrypted. He tried to check the files in question, but their extensions have all changed and he cannot open them. What best explains the given scenario?
A) His machine has a rootkit
B) His machine has ransomware
C) His machine has a logic bomb
D) His machine has been the target of whaling
B) His machine has ransomware
Brandon's machine has been infected by ransomware. Ransomware encrypts files, "holding them hostage," and demands payment in return for decrypting them. Rootkits provide administrative access, logic bombs execute when certain conditions are met, and nothing in this scenario describes whaling.
Which should be required by a company to mitigate the impact of a custom piece of software being installed by a vendor in case the vendor later goes out of business?
A) A detailed credit investigation prior to acquisition
B) A third-party source-code escrow
C) Substantial penalties for breach of contract
D) Standby contracts with other vendors
B) A third-party source-code escrow
The correct answer is a source-code escrow. This grants you the source code in the event the vendor goes out of business, so you can maintain the software yourself. A detailed investigation is a good idea but won't help you with a failed vendor. Penalties for breach of contract are no longer effective once a vendor goes out of business, and even if another vendor has a standby contract with you, they can't do what is needed without the source code.
Larry is a network administrator for a small accounting firm and has heard some of his users complaining of slow connectivity. When he started investigating the firewall logs, he saw a large number of half-open connections. What best describes his findings?
A) DDoS
B) SYN flood
C) Buffer overflow
D) ARP poisoning
B) SYN flood
SYN flood is the correct answer. A large number of half-open connections is the classic sign of a SYN flood attack. Nothing in the question indicates a DDoS attack. Buffer overflows involve sending too much data to a target, and ARP poisoning alters ARP tables and isn't related to this scenario.
Cassie is worried about credential management on a network where users often have over six passwords to remember. She’s currently interested in finding a solution to this problem. Which would be the best way to address this issue?
A) Implement a manager
B) Use short passwords
C) Implement OAuth
D) Implement Kerberos
A) Implement a manager
The best way to address this issue would be to implement a password manager. Using short passwords is a security risk. OAuth allows a user's account information to be shared with other sites, and Kerberos will not reduce the number of passwords that must be remembered.
Wayne works for a large law firm and manages network security. It’s common for guests who come to the law firm to need to connect to the WiFi. He wishes to ensure that he provides maximum security when these guests connect using their own devices, but also seeks to provide assurance to the guests that his company will have minimal impact on their devices. What is the best solution?
A) Permanent NAC agent
B) Agentless NAC
C) Dissolvable NAC agent
D) Implement COPE
C) Dissolvable NAC agent
Network Access Control (NAC) systems can perform a health check on devices to make sure they meet minimum security standards prior to connecting; a dissolvable agent performs that check and then removes itself. A permanent NAC agent would leave software on visitor devices, agentless NAC has less impact on the device, and COPE devices can't be issued to guests.
Which encryption type offers easy key exchange and key management?
A) Obfuscation
B) Asymmetric
C) Symmetric
D) Hashing
B) Asymmetric
Asymmetric encryption is the type that provides easy key exchange and key management, and it also protects keys from loss or misuse. Obfuscation is the process of making something difficult to read, symmetric encryption uses the same key to encrypt and decrypt, and hashing ensures data integrity.
Amy manages mobile device security for her company, an insurance firm. The company currently uses BYOD. She’s concerned about employees’ personal device usage compromising company data on the mobile devices. What technology could best assist with this concern?
A) Containerization
B) Screen locks
C) FDE
D) Biometrics
A) Containerization
Containerization is a great resource because it establishes a secure, isolated area for corporate applications and data, separated from the rest of the phone. Screen locks do not address this concern, FDE is a good idea but doesn't segregate company data from personal data, and biometrics are good for authentication but do not address this issue.
Which is a term for technical controls?
A) Access controls
B) Logical controls
C) Detective controls
D) Preventative controls
B) Logical controls
Technical controls are logical controls: controls such as applications, devices, and encryption that you can use to restrict data access. Access controls can be technical controls, but the term also encompasses other things. Detective controls detect events but do not prevent them, and preventative controls are typically used to help avoid a security breach.
John is a sales manager at his company. He has recently received an email asking him to click a link to fill out a survey. The email seems suspicious but it does mention a major association of which he’s familiar, and makes him think it may be a legitimate email. Of the following, which best describes this attack?
A) Phishing
B) Social engineering
C) Spear phishing
D) Trojan horse
C) Spear phishing
The correct answer is spear phishing. Spear phishing targets a specific group, and it's relatively easy to do when attackers can find individuals from public sources via open-source intelligence. Phishing is too broad a term. Social engineering is incorrect; while it is part of every phishing attack, this scenario is more specific than social engineering. A Trojan horse or other malware is not part of this attack.
Lisa manages incident response for a bank. The bank has a website that's been attacked. The attacker utilized the login screen, and rather than entering proper login credentials, the attacker entered some odd text: ' or '1'='1. What is this attack known as?
A) Cross-site scripting
B) Cross-site request forgery
C) SQL injection
D) ARP poisoning
C) SQL injection
The correct answer is SQL injection. The text in the question is a classic example of a basic SQL injection used to log in to a site. Cross-site scripting uses JavaScript, cross-site request forgery doesn't involve entering text into a login form, and ARP poisoning alters an ARP table, which isn't related to website hacking.
Which plan identifies critical systems and components to ensure assets are safe and protected?
A) DRP
B) BCP
C) IT contingency plan
D) Succession plan
B) BCP
A business continuity plan identifies critical systems and components that need to be protected. A DRP (disaster recovery plan) contains the disaster recovery strategy, such as how the company will recover with minimal lost time and money; an IT contingency plan specifies alternate procedures for disruptions of service; and a succession plan works through who takes someone else's place upon leaving the company.
Wanda is responsible for network connectivity for her company. The sales department is transitioning to VoIP. What two protocols must be allowed through the firewall for this to be successful?
A) RADIUS and SNMP
B) TCP and UDP
C) SIP and RTP
D) RADIUS and SIP
C) SIP and RTP
VoIP works with SIP and RTP. SIP is the Session Initiation Protocol and RTP is the Real-time Transport Protocol; they are used to establish the call and carry the call data, respectively. RADIUS is a remote authentication protocol and SNMP is used to manage a network. TCP and UDP are transport protocols, not VoIP-specific ones.
James is worried about how his company will respond to breaches. He’s interested in finding a way that will identify files that have been altered during the breach. What is the best solution for him to implement?
A) NAC
B) NIDS
C) File integrity checker
D) Vulnerability scanner
C) File integrity checker
File integrity checkers store hashes of files and can therefore detect changes to any of those files. NAC is used to ensure devices meet minimum security standards, a NIDS doesn't know whether files have been altered, and a vulnerability scanner only scans for known vulnerabilities.
Jason needs to renew the certificate for his company’s web server. Which of the following is recommended to be submitted to the CA?
A) CSR
B) Key escrow
C) CRL
D) OCSP
A) CSR
A CSR (certificate signing request) is what is submitted to the CA (certificate authority) to request a digital certificate. Key escrow stores keys, a CRL is a list of revoked certificates, and OCSP returns the status of a certificate, such as "good", "revoked" or "unknown".
You have recently completed a review of company network traffic and saw where most of the malware infections are caused by users who visit illicit websites. You would like to implement a solution that will block these websites while scanning all network traffic for signs of malware and block the malware before it enters the company network. Which technology would be the best solution?
A) IDS
B) Firewall
C) UTM
D) SIEM
C) UTM
Unified Threat Management (UTM) devices combine a firewall, IDS, antivirus and other functions in one appliance. On its own, an IDS only detects intrusions, a firewall only blocks traffic, and a SIEM is used for log aggregation.
Of the items listed, which provides additional encryption strength by repeating the encryption process with additional keys?
A) 3DES
B) AES
C) Twofish
D) Blowfish
A) 3DES
3DES adds encryption strength by repeating the DES process with additional keys. None of the other options repeats the encryption process in this way.
Choose the attack that depends on the attacker entering JavaScript into a text area that is intended for users to enter text that can be viewed by other users:
A) SQL injection
B) Clickjacking
C) Cross-site scripting
D) Bluejacking
C) Cross-site scripting
Cross-site scripting is the correct answer. XSS involves entering a script into text areas that other users can view. SQL injection is not about entering scripts, but database commands. Clickjacking tricks users into clicking the wrong things, and bluejacking is a Bluetooth attack.
Backup tapes are stored off-site. What should be done with them?
A) Generate a file hash for each backup file
B) Scan the backup data for viruses
C) Perform a chain of custody on the backup tape
D) Encrypt the backup data
D) Encrypt the backup data
The backup data should be encrypted prior to storing tapes off-site so that if a tape is lost or stolen, the data is still protected. File hashes only verify integrity, scanning for viruses isn't part of the backup process, and chain of custody applies when evidence is needed.
Josh is a bank manager and has suspicions that one of his tellers has stolen money from their respective station. After talking with his supervisor, he places the employee on leave with pay, changes their computer account to suspended, and takes their prox card and building keys. Which procedure was followed?
A) Mandatory vacation
B) Exit interview
C) Adverse actions
D) Onboarding
C) Adverse actions
The procedure that was followed was adverse actions, which are actions taken against employees when wrongdoing has been found. Mandatory vacation is used to detect fraud, exit interviews are used when an employee leaves the company to find out what the company could do better, and onboarding is used when an employee or vendor is added to the systems.