Practice Test 5 Flashcards
David, a programmer, is using the waterfall method for application development. Using this method, at which phase of the SDLC can he stop implementing security measures?
A) Requirements
B) Design
C) Implementation
D) Retirement
D) Retirement
Security is a process that must be addressed at every phase of development, not bolted on at one stage. You stop implementing security measures only once the system has reached retirement: it has been decommissioned, uninstalled, and properly disposed of, including sanitizing any media that held its data.
Of the following, which item is a list of applications approved for use on your network?
A) Blacklist
B) Red list
C) Whitelist
D) Orange list
C) Whitelist
Whitelists (now commonly called allowlists) are lists of approved applications; blacklists (blocklists) are lists of blocked applications. Red lists and orange lists aren't industry terms.
Neil, a network administrator for a small firm, has discovered several machines on his network are infected with malware. The malware is sending a flood of packets to an external target. What describes this attack?
A) SYN flood
B) DDoS
C) Botnet
D) Backdoor
B) DDoS
His machines may well be part of a botnet, but the question asks what describes the attack, and a flood of packets from many infected hosts toward one external target is a distributed denial-of-service (DDoS) attack. Nothing in the scenario is specific to a SYN flood (SYN is never mentioned), and nothing indicates a backdoor. On the exam, be careful not to add information to the scenario that has not been given to you; here DDoS is the best option provided.
Jamie recently downloaded a program from an unknown website and now his client files have had their file extensions changed and he cannot open them. He received a popup window that informed him that his files were now encrypted and he must pay some bitcoins to get them decrypted. What has happened?
A) His machine has a rootkit
B) His machine has a logic bomb
C) His machine has a boot sector virus
D) His machine has ransomware
D) His machine has ransomware
This is a textbook description of ransomware: the victim runs an untrusted download, files are encrypted and renamed, and a ransom note demands payment for the decryption key. Rootkits hide an attacker's presence and preserve privileged access, logic bombs trigger when a specific condition is met, and boot sector viruses infect the boot sector of the target computer.
Shane, the manager of network operations at his company, was thanked in the hall by an accountant for keeping the antivirus software up to date. When asked what he meant, the accountant said that an IT staff member named Michael had called him yesterday and remotely connected to his PC to update the antivirus. There is no employee named Michael. What happened?
A) IP spoofing
B) MAC spoofing
C) Man-in-the-middle attack
D) Social engineering
D) Social engineering
Social engineering exploits people rather than technology: the caller impersonated an IT employee to talk the accountant into granting remote access. Nothing in the scenario points to IP spoofing or MAC spoofing, and a man-in-the-middle attack would require the attacker to sit between two communicating parties and intercept their traffic.
Ashley is the network administrator for a company. She proceeds to delete the account for a user who left the company last week. The user's files were encrypted so that only the user's private key could unlock them. How can Ashley view these files?
A) They can be decrypted using the backup user account
B) They can be decrypted using a recovery agent
C) They must be re-created from the former user’s account
D) They can be decrypted using a CRL
B) They can be decrypted using a recovery agent
Ashley can view the files only if a data recovery agent (DRA) was designated before the files were encrypted. In EFS-style file encryption each file's symmetric key is wrapped both for the user and for the recovery agent, so the agent's private key can still unlock the file after the user's key is gone. If no recovery agent was configured (or the agent's private key has been lost), the files cannot be recovered; the real mistake was deleting the account without first exporting the user's certificate and private key. A backup user account holds no copy of the key, the files cannot be re-created from a deleted account, and a CRL (certificate revocation list) only lists revoked certificates and decrypts nothing.
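The mechanism behind the recovery-agent answer, as an added example (not from the flashcards and not Windows EFS code): a file is encrypted once with a random symmetric key, and that key is wrapped separately for the user and for the recovery agent. The recipient names "jdoe" and "recovery-agent", the document text, and the key sizes are assumptions for the demo. Recovery succeeds only when the agent was a recipient at encryption time, which is why the agent must be designated before the files are encrypted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// EncryptedFile models an EFS-style encrypted file: the body is encrypted once
// with a random symmetric file key, and that key is wrapped (RSA-OAEP) separately
// for every party allowed to open the file. EFS stores the same idea as a Data
// Decryption Field for the user and a Data Recovery Field for each recovery agent.
type EncryptedFile struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys map[string][]byte // recipient name -> file key wrapped with that recipient's public key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForRecipients encrypts plaintext with a fresh AES-256-GCM file key and
// wraps that key for each recipient's public key.
func EncryptForRecipients(plaintext []byte, recipients map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil), WrappedKeys: map[string][]byte{}}
	for name, pub := range recipients {
		// The recipient name is bound in as the OAEP label, so a wrapped key
		// cannot be quietly re-attributed to a different recipient.
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, []byte(name))
		if err != nil {
			return nil, err
		}
		ef.WrappedKeys[name] = wrapped
	}
	return ef, nil
}

// Decrypt opens the file with the private key of the named recipient.
func Decrypt(ef *EncryptedFile, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := ef.WrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("no file key was ever wrapped for %q", name)
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(name))
	if err != nil {
		return nil, fmt.Errorf("unwrap file key for %q: %w", name, err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// RecoveryDemo encrypts a constructed document for user "jdoe" and, when
// agentDesignated is true, also for "recovery-agent". The user's key is then
// discarded (the account was deleted) and recovery is attempted with the
// agent's key alone.
func RecoveryDemo(agentDesignated bool) (string, error) {
	userKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return "", err }
	agentKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return "", err }
	recipients := map[string]*rsa.PublicKey{"jdoe": &userKey.PublicKey}
	if agentDesignated {
		recipients["recovery-agent"] = &agentKey.PublicKey
	}
	ef, err := EncryptForRecipients([]byte("Q3 client contracts"), recipients) // constructed content
	if err != nil { return "", err }
	userKey = nil // account deleted: the user's private key is gone for good
	plaintext, err := Decrypt(ef, "recovery-agent", agentKey)
	if err != nil { return "", err }
	return string(plaintext), nil
}

func main() {
	text, err := RecoveryDemo(true)
	fmt.Printf("recovered=%q err=%v\n", text, err)
}
```

Run with the agent designated and the document comes back; run with `RecoveryDemo(false)` and `Decrypt` fails because no wrapped key exists for the agent, which is exactly the "no recovery agent, no access" case in the explanation.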
You work for an insurance company as their security administrator. You've noticed that a few accounts are still active for employees who left the company at least a year ago. You are worried that someone might attempt to access these accounts. What administrative control could be put in place to help prevent accounts from remaining active and accessible after an employee leaves the company?
A) Password complexity
B) Offboarding procedures
C) Onboarding procedures
D) Password expiration
B) Offboarding procedures
The best option is the administrative control of proper offboarding procedures. When an employee leaves (by choice or by termination), their accounts should be disabled, their credentials revoked, their access badges returned, and their hardware tokens returned to security. Password expiration might eventually keep someone from logging into a dormant account, but it is a technical control, not an administrative one. Password complexity and onboarding procedures have nothing to do with the issue in the question.
Which of the standards below was developed by the Wi-Fi Alliance and is used to implement the requirements of IEEE 802.11i?
A) NIC
B) WPA
C) WPA2
D) TKIP
C) WPA2
WPA2 implements the full requirements of IEEE 802.11i and requires AES-CCMP. WPA (Wi-Fi Protected Access) was the Wi-Fi Alliance's interim standard based on a draft of 802.11i. TKIP, the cipher WPA used, wraps the RC4-based WEP encryption with per-packet key mixing and a message integrity check to make it stronger; it is deprecated and at best an optional fallback in WPA2. A NIC is a network interface card.
Ashley is attempting to increase security at her company. She’s currently creating an outline of all aspects of security that will need to be evaluated and acted on. Of the following terms, which one describes the process of improving security in a trusted OS?
A) FDE
B) Hardening
C) SED
D) Baselining
B) Hardening
Hardening is the process of reducing a system's attack surface and increasing its security: removing unneeded services and accounts, patching, and tightening configuration. FDE is full disk encryption, SED is a self-encrypting drive, and baselining establishes a standard configuration to measure against. Hardening is the best option for the task.
Tracie has been using a packet sniffer to observe traffic in the company network and has noticed that traffic between the web server and the database server is sent in clear text. She would like a solution that will encrypt traffic and also leverage the existing digital certificate infrastructure the company has. Which of the following is the best solution?
A) TLS
B) SSL
C) IPSec
D) WPA2
A) TLS
Transport Layer Security (TLS) can secure almost any application protocol (HTTP, LDAP, SMTP, database client connections, and so on) and authenticates the endpoints with digital certificates, so it can use the certificates the company already issues. SSL is the older protocol that TLS replaced, and every version of it is deprecated. IPsec secures traffic at the network layer and is usually deployed as a VPN between hosts or sites rather than for one application flow; it can also authenticate with certificates, but TLS is the more direct fit here. WPA2 is security for Wi-Fi.
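What "leverage the existing certificate infrastructure" means in practice, as an added example (not from the flashcards): the company CA issues a certificate to the database host, and the web server's TLS client trusts only that CA, checks the hostname, and refuses old protocol versions. The CA name, the hostname db.internal.example, and the validity periods are assumptions; the CA and keys are generated in memory so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PKI is a throwaway stand-in for the company's certificate infrastructure:
// an internal CA plus a server certificate it issued to the database host.
type PKI struct {
	CA         *x509.Certificate
	ServerCert *x509.Certificate
	ServerKey  *ecdsa.PrivateKey // the database server would load this with ServerCert
}

// issue signs tmpl with issuerKey; when issuer == tmpl the result is self-signed.
func issue(tmpl, issuer *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewPKI creates the internal CA and issues a 90-day server certificate for dbHost.
func NewPKI(dbHost string) (*PKI, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Internal CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dbHost},
		DNSNames:     []string{dbHost}, // clients match this SAN, not the CN
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.AddDate(0, 0, 90),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	srv, err := issue(srvTmpl, ca, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return &PKI{CA: ca, ServerCert: srv, ServerKey: srvKey}, nil
}

// VerifyServer performs the checks a TLS client makes on the certificate the
// database presents: chain it to a trusted root, confirm it is valid for the
// host being contacted, and confirm it is allowed to authenticate a server.
func VerifyServer(cert *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// ClientConfig is the tls.Config the web server would use to reach the
// database: trust only the internal CA, pin the expected hostname, and refuse
// anything older than TLS 1.2. The weak alternative, InsecureSkipVerify: true,
// accepts any certificate and throws away the PKI the question wants to reuse.
func ClientConfig(ca *x509.Certificate, host string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12}
}

func main() {
	pki, err := NewPKI("db.internal.example")
	if err != nil {
		panic(err)
	}
	cfg := ClientConfig(pki.CA, "db.internal.example")
	fmt.Println("issued by our CA, correct host:", VerifyServer(pki.ServerCert, cfg.RootCAs, cfg.ServerName))
	fmt.Println("issued by our CA, wrong host:  ", VerifyServer(pki.ServerCert, cfg.RootCAs, "db.attacker.example"))
	fmt.Println("no trust anchor configured:    ", VerifyServer(pki.ServerCert, x509.NewCertPool(), cfg.ServerName))
}
```

The first check passes and the other two fail, which is the whole value of the existing PKI: a database impostor cannot present a certificate the company CA never issued, and a certificate for a different host is rejected even though the same CA signed it.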
Paul is the web security administrator for a website that does online auctions. A few users are complaining that when they log in to the website, they get a message stating that it is down and to try again later. Paul checks and he can visit the site without any problem, even from outside of the network. He also checks the web server log, but there is no entry of these users ever connecting. Of the following, which best explains this situation?
A) Typosquatting
B) SQL injection
C) Cross-site scripting
D) Cross-site request forgery
A) Typosquatting
These users appear to be logging in to a fake web server, which points to typosquatting: the attacker registers a domain that looks very similar to the real one, so users who mistype the address land on the fake site. The key clue is that the real web server's log shows no connection from them at all. The other options are ways of attacking the site itself, and in this scenario the actual site was not attacked.
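A simple way to hunt for the lookalike domain, as an added example (not from the flashcards): compare hostnames seen in proxy or DNS logs against the legitimate name using an edit distance that counts adjacent swaps as one mistake, and also flag longer names that embed the real label. The legitimate domain bidhub-auctions.com, its variants, and the log sample are all constructed; the bidhub names are not real domains.

```go
package main

import (
	"fmt"
	"strings"
)

func minInt(xs ...int) int {
	m := xs[0]
	for _, x := range xs[1:] {
		if x < m {
			m = x
		}
	}
	return m
}

// osaDistance is the optimal string alignment distance: Levenshtein edits
// (insert, delete, substitute) plus an adjacent transposition counted as one
// edit, which is exactly the set of mistakes a typosquatter banks on.
func osaDistance(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	d := make([][]int, len(ra)+1)
	for i := range d {
		d[i] = make([]int, len(rb)+1)
		d[i][0] = i
	}
	for j := 0; j <= len(rb); j++ {
		d[0][j] = j
	}
	for i := 1; i <= len(ra); i++ {
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			d[i][j] = minInt(d[i-1][j]+1, d[i][j-1]+1, d[i-1][j-1]+cost)
			if i > 1 && j > 1 && ra[i-1] == rb[j-2] && ra[i-2] == rb[j-1] {
				d[i][j] = minInt(d[i][j], d[i-2][j-2]+1)
			}
		}
	}
	return d[len(ra)][len(rb)]
}

// registrableLabel returns the label left of the last dot ("bidhub-auctions"
// for "bidhub-auctions.com"); good enough for single-label TLDs.
func registrableLabel(host string) string {
	if i := strings.LastIndex(host, "."); i > 0 {
		return host[:i]
	}
	return host
}

// Lookalikes flags hosts within maxEdits of the legitimate name (typosquats)
// and hosts that embed its registrable label in a longer name (combosquats
// such as bidhub-auctions-login.com).
func Lookalikes(observed []string, legit string, maxEdits int) []string {
	legit = strings.ToLower(legit)
	label := registrableLabel(legit)
	var flagged []string
	for _, host := range observed {
		h := strings.ToLower(strings.TrimSpace(host))
		if h == legit {
			continue
		}
		if dist := osaDistance(h, legit); dist <= maxEdits || strings.Contains(h, label) {
			flagged = append(flagged, h)
		}
	}
	return flagged
}

// ObservedHosts is a constructed sample of hostnames as they might appear in
// proxy or DNS logs; the bidhub domains are invented for this example.
var ObservedHosts = []string{
	"bidhub-auctions.com",       // the legitimate site
	"bidhub-auction.com",        // dropped character
	"bidhub-acutions.com",       // transposed characters
	"bidhubauctions.com",        // dropped hyphen
	"bidhub-auctions.co",        // truncated TLD
	"bidhub-auctions-login.com", // combosquat
	"example.org",
	"github.com",
}

func main() {
	for _, h := range Lookalikes(ObservedHosts, "bidhub-auctions.com", 2) {
		fmt.Println("possible typosquat:", h)
	}
}
```

Five of the eight constructed hosts are flagged. A threshold of 2 is a reasonable starting point for names of this length; for very short domains it will flag unrelated names, so tune it per domain and review the hits rather than blocking on them blindly.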
Which of the following is an example of PHI (protected health information)?
A) Passport number
B) Criminal record
C) Fingerprints
D) Name of school attended
C) Fingerprints
Of the listed options, fingerprints are the best example of PHI: under HIPAA, biometric identifiers such as finger and voice prints are among the identifiers that make health information individually identifiable. The other options are PII (personally identifiable information) under the NIST definition but are not health information.
Courtney manages data security on BYOD and COPE devices. She's specifically concerned about data being exposed should a device be lost or stolen. Which item would be the best way to alleviate this concern?
A) Geofencing
B) Screen lock
C) GPS tagging
D) Device encryption
D) Device encryption
Device encryption is the best way to keep the data on a lost or stolen device confidential: whoever holds the hardware still cannot read the storage without the key. Geofencing restricts where a device (or an app) can be used, a screen lock slows an attacker down but can be bypassed and does nothing once the storage is pulled from the device, and GPS tagging helps locate a device but does not protect the data on it.
Jack manages security devices in his network. He’s implemented a robust NIDS in his network, however, on two occasions the NIDS has missed a breach. What condition does this describe?
A) False negative
B) Port blocking
C) SPI
D) False positive
A) False negative
An IDS that fails to alert on a real attack has produced a false negative; two missed breaches mean the signatures or tuning need to be revisited. Port blocking is a firewall function. Stateful packet inspection (SPI), also called dynamic packet filtering, is a firewall technique. A false positive is the opposite error: the IDS flags legitimate traffic as malicious, which is not what is happening here.
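How a false negative and a false positive actually arise in a signature-based detector, as an added example (not from the flashcards): a naive rule set is scored against constructed request lines with known ground truth, then a tuned rule set that decodes the request and checks exploit semantics is scored the same way. The log lines, the signatures, and the labels are all constructed for the demo.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Event is a constructed web-server request line plus the analyst's ground
// truth about whether it was really an attack.
type Event struct {
	Request  string
	IsAttack bool
}

// Rule returns true when the detector would raise an alert for a request.
type Rule func(request string) bool

// Outcome is the confusion-matrix cell a detection decision lands in.
type Outcome string

const (
	TruePositive  Outcome = "TP" // attack, alerted
	FalseNegative Outcome = "FN" // attack, missed: the condition in the question
	FalsePositive Outcome = "FP" // benign, alerted
	TrueNegative  Outcome = "TN" // benign, quiet
)

// Classify compares the detector's verdict with ground truth.
func Classify(alerted, isAttack bool) Outcome {
	switch {
	case alerted && isAttack:
		return TruePositive
	case !alerted && isAttack:
		return FalseNegative
	case alerted && !isAttack:
		return FalsePositive
	default:
		return TrueNegative
	}
}

// Evaluate runs a rule over labelled events and tallies the outcomes.
func Evaluate(rule Rule, events []Event) map[Outcome]int {
	tally := map[Outcome]int{}
	for _, e := range events {
		tally[Classify(rule(e.Request), e.IsAttack)]++
	}
	return tally
}

// NaiveRule matches literal signatures against the raw log line. It misses
// URL-encoded payloads (false negatives) and the over-broad "union" token
// fires on ordinary words (false positives).
func NaiveRule(request string) bool {
	lower := strings.ToLower(request)
	for _, sig := range []string{"../", "union", "<script"} {
		if strings.Contains(lower, sig) {
			return true
		}
	}
	return false
}

var sqliPattern = regexp.MustCompile(`\bunion\s+select\b`)

// escapesRoot reports whether a path (or path-like parameter value) climbs
// above its starting directory, which is what makes ".." an attack:
// "/images/../logo.png" does not, "../../etc/passwd" does.
func escapesRoot(p string) bool {
	depth := 0
	for _, seg := range strings.Split(p, "/") {
		switch seg {
		case "..":
			depth--
			if depth < 0 {
				return true
			}
		case "", ".":
		default:
			depth++
		}
	}
	return false
}

// TunedRule decodes the request target before matching (closing the false
// negatives) and applies conditions tied to exploit semantics (closing the
// false positives).
func TunedRule(request string) bool {
	fields := strings.Fields(request)
	if len(fields) < 2 {
		return false
	}
	u, err := url.Parse(fields[1])
	if err != nil {
		return true // a target the parser rejects deserves an analyst's eyes
	}
	if escapesRoot(u.Path) {
		return true
	}
	for _, values := range u.Query() {
		for _, v := range values {
			if escapesRoot(v) {
				return true
			}
		}
	}
	query, err := url.QueryUnescape(u.RawQuery)
	if err != nil {
		return true
	}
	decoded := strings.ToLower(u.Path + "?" + query)
	return sqliPattern.MatchString(decoded) || strings.Contains(decoded, "<script")
}

// SampleEvents is constructed log data; the attack lines are the payload
// shapes a scanner would send, not captures from a real incident.
var SampleEvents = []Event{
	{"GET /files?name=../../etc/passwd", true},
	{"GET /files?name=..%2F..%2Fetc%2Fpasswd", true},
	{"GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users--", true},
	{"GET /news/credit-union-merger.html", false},
	{"GET /images/../logo.png", false},
	{"GET /index.html", false},
}

func main() {
	fmt.Println("naive:", Evaluate(NaiveRule, SampleEvents))
	fmt.Println("tuned:", Evaluate(TunedRule, SampleEvents))
}
```

The naive rules miss the URL-encoded traversal (one false negative, Jack's situation) and fire on a news article and a harmless relative path (two false positives); the tuned rules classify all six correctly. Real tuning is never this clean, but the loop is the same: label a sample, score the rules, and fix the category of error you are seeing.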
Which listed technique attempts to predict the likelihood of a threat occurrence and assigns monetary values in the event of a loss?
A) Change management
B) Vulnerability management
C) Qualitative risk assessment
D) Quantitative risk assessment
D) Quantitative risk assessment
Of the listed techniques, quantitative risk assessment is the one that assigns monetary values: it estimates the single loss expectancy (SLE = asset value × exposure factor) and multiplies it by the annualized rate of occurrence (ALE = SLE × ARO) so that the cost of a control can be compared with the loss it prevents. Change management controls configuration changes, vulnerability management identifies and remediates weaknesses, and qualitative risk assessment ranks risks on a relative scale such as high/medium/low rather than in dollars.
Which is the best choice for naming the account of John Smith – domain admin?
A) dm_jsmith
B) jsmithAdmin
C) AdministratorSmith
D) jsmith
D) jsmith
An administrative account should not advertise its privilege level in its name, because an attacker enumerating accounts would then know exactly which ones to target. The other three options all reveal that the account is an admin account.
Laura manages the physical security for her company. She’s especially concerned about an attacker driving a vehicle into the building. Which option below would protect against this threat?
A) A gate
B) Bollards
C) A security guard on duty
D) Security cameras
B) Bollards
Of the options provided, bollards are the one designed to stop a vehicle: short, heavy posts, usually steel or concrete-filled and anchored in the ground, placed in front of an entrance so that a vehicle cannot reach the building. A gate is a barrier but can be rammed, a security guard cannot physically stop a moving vehicle, and security cameras are passive: they record what happened but do not prevent it.
The company you work for is considering moving its email server to a hosting company. This will help reduce the cost of hardware and server administration at your local site. Which document formally states the reliability and recourse if reliability isn’t met?
A) MOU
B) SLA
C) ISA
D) BPA
B) SLA
A service level agreement (SLA) formally states the service provider's commitments (uptime, response times) and the remedies or penalties if they are not met. A memorandum of understanding (MOU) documents a mutual understanding between parties and is usually not binding, an interconnection security agreement (ISA) specifies the technical and security requirements for connecting two organizations' systems, and a business partnership agreement (BPA) defines the legal terms between business partners.
Kevin is going over his company’s recertification policy. Which is the best reason to recertify?
A) To audit usage
B) To enhance onboarding
C) To audit permissions
D) To manage credentials
C) To audit permissions
The best reason to recertify is to audit permissions: a periodic review that confirms each user still needs the access they hold and removes what has accumulated over time (privilege creep). Auditing usage looks at what accounts do, not whether they should still have their rights; onboarding grants initial access rather than re-validating it; and credential management concerns passwords and tokens, not permissions.
Rachel manages security for a small bank and has a firewall at the gateway as well as one at each network segment. Each firewall logs all accepted and rejected traffic. Rachel checks each of these logs regularly. What’s the first step that should be taken to improve this firewall configuration?
A) Integrate with SIEM
B) Add a honeypot
C) Integrate with AD
D) Add a honeynet
A) Integrate with SIEM
The first improvement is to integrate the firewalls with a SIEM so that logs from every firewall are collected centrally, retained, correlated, and able to raise alerts instead of depending on Rachel reading each log by hand. A honeypot or honeynet is a decoy for studying attackers and is unrelated to the scenario, and integrating with Active Directory helps identity management but does not improve how the firewall logs are handled.
Matt manages database security for a university and he’s concerned about ensuring that appropriate security measures are implemented. Which is the most important to database security?
A) Password policies
B) Antivirus
C) EFS
D) Access control policies
D) Access control policies
Access control policies are the most important element of database security: they determine who can read, modify, or administer which data. Password policies, antivirus, and file encryption (EFS) each matter, but none of them is as central to protecting the database's data as controlling access to it.
You’re responsible for an always-on VPN connection for your company and have been told that it must utilize the most secure mode for IPSec possible. Which of the following is best?
A) Tunneling
B) AH
C) IKE
D) Transport
A) Tunneling
Tunnel mode with ESP encrypts and encapsulates the entire original IP packet, header included, inside a new IP packet, which is what an always-on or site-to-site VPN wants. AH (Authentication Header) provides authentication and integrity but no encryption, so it is not a confidentiality mode. IKE (Internet Key Exchange) negotiates the security associations and keys for IPsec rather than being a mode. Transport mode encrypts only the payload and leaves the original IP header in the clear.
Natalie is responsible for the security of web servers and is configuring the WAF to allow only encrypted traffic to and from the web server, including from administrators using the command-line interface. What should she do?
A) Open port 80 and 23, block port 443
B) Open port 443 and 23, block port 80
C) Open port 443 and 22 and block port 80 and 23
D) Open port 443 and block all other ports
C) Open port 443 and 22 and block port 80 and 23
Port 443 is HTTPS (HTTP over TLS), and port 22 is SSH, the encrypted protocol administrators use for a command-line session. Port 80 is cleartext HTTP and port 23 is Telnet, a cleartext remote shell, so both must be blocked. Option D blocks SSH along with everything else, which breaks the administrators' encrypted CLI access; options A and B leave cleartext Telnet open.
Your security policy is set to include system testing and security awareness training guidelines. Which of the following types of control is this?
A) Detective technical control
B) Preventative technical control
C) Detective administrative control
D) Preventative administrative control
D) Preventative administrative control
System testing and security awareness training are preventive administrative controls: they are put in place through policies and procedures to stop incidents before they happen. A detective control uncovers violations after the fact; a preventive technical control is something like a firewall or an IPS; and a detective administrative control is something like a periodic access review, log review, or mandatory vacation, not the policy itself.
You are a security analyst and you have just successfully removed malware from a virtual server. Which could you use to return the virtual server to its last known good state?
A) A sandbox
B) A hypervisor
C) A snapshot
D) Elasticity
C) A snapshot
A snapshot is an image of a virtual machine at a point in time, so reverting to one taken before the infection returns the server to its last known good state. Verify that the snapshot really predates the compromise and close whatever vulnerability let the malware in, or the restored server will simply be reinfected. A sandbox is an isolated environment for running untrusted code, a hypervisor hosts virtual machines, and elasticity lets capacity grow and shrink with demand.
You have an email that you are sending to a friend. You want to ensure it retains its integrity during transit, so you decide to digitally sign the email. When using a PKI system, what is used to encrypt the hash digest of the email to create a digital signature?
A) CER
B) Public key
C) Shared key
D) Private key
D) Private key
A digital signature is a hash digest of the original email that is then encrypted (more precisely, signed) with the sender's private key. To verify it, the recipient's email client decrypts the signature with the sender's public key to recover the original digest, hashes the received email itself, and compares the two. If they match, the signature is authentic and the email has integrity (it was not changed in transit). A CER file is just a certificate container format, a public key can verify a signature but not create one, and a shared key is symmetric and would prove nothing about who signed.
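The sign-then-verify flow described above, as an added example (not from the flashcards): the sender's private key signs a SHA-256 digest of the message and the recipient verifies with the sender's public key. RSA-PSS is used because the textbook "encrypt the hash with the private key" picture is raw RSA, which must never be used for real signatures; the email text and key sizes are assumptions for the demo, and the three checks show what happens when the message is altered or the wrong key is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign produces the digital signature: hash the message with SHA-256, then
// apply the sender's private key to the digest. RSA-PSS is the padded signing
// operation that the "encrypt the hash with the private key" description
// simplifies; unpadded (textbook) RSA on a digest is forgeable.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify is what the recipient's mail client does: recompute the digest of
// the message as received and check the signature against it with the
// sender's public key (taken from the sender's certificate).
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], signature, nil) == nil
}

// Result records the three checks the demo performs.
type Result struct {
	Genuine  bool // untouched message, sender's key: must verify
	Tampered bool // one figure changed in transit: must fail
	WrongKey bool // signature checked against someone else's key: must fail
}

// Demo signs a constructed email body and exercises the three cases.
func Demo() (Result, error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	email := []byte("Subject: invoice\r\n\r\nPlease wire $1,000 to account 12345.") // constructed
	sig, err := Sign(sender, email)
	if err != nil {
		return Result{}, err
	}
	tampered := []byte("Subject: invoice\r\n\r\nPlease wire $9,000 to account 12345.")
	return Result{
		Genuine:  Verify(&sender.PublicKey, email, sig),
		Tampered: Verify(&sender.PublicKey, tampered, sig),
		WrongKey: Verify(&impostor.PublicKey, email, sig),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v wrongKey=%v\n", r.Genuine, r.Tampered, r.WrongKey)
}
```

Only the genuine case verifies. Changing a single digit in the body changes the digest, so the recovered digest no longer matches; checking against the impostor's public key fails because that key does not correspond to the private key that produced the signature, which is what gives the signature its non-repudiation value.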
You’ve been asked to conduct a penetration test for a small company and for the test, you were only given a company name, the domain name of their website, and the IP address of their gateway router. What describes the type of test?
A) White box test
B) External test
C) Black box test
D) Threat test
C) Black box test
The correct choice is a black-box test (also called an unknown-environment test), in which the tester starts with minimal information, as here. A white-box test provides complete information such as source code, architecture, and credentials. An external test only describes where the test is launched from, not how much the tester knows, and "threat test" isn't a penetration-testing term.
Of the following terms, which one refers to the process of establishing a standard for security?
A) Baselining
B) Security evaluation
C) Hardening
D) Normalization
A) Baselining
Baselining is the process of establishing a standard; any change from the baseline is a baseline deviation. Security evaluations do not establish standards, although their findings may prompt a change to the baseline. Hardening is securing an operating system or other system but does not itself set a standard, and normalization (in database design) is the process of removing redundancy.
Your company has implemented a clean desk policy and you were asked to secure physical documents every night. What is the best solution?
A) Department door lock
B) Locking cabinets and drawers
C) Proximity card
D) Onboarding
B) Locking cabinets and drawers
Locking cabinets and drawers are the best fit for a clean desk policy because each employee locks away their own documents and holds the key. A department door lock is better than nothing, but many people share a key to the department. A proximity card controls and logs entry to an area but does not secure documents left on a desk, and onboarding does not apply to this situation.
What type of attack is focused on targeting a specific individual like the CEO of a company?
A) Spear phishing
B) Targeting phishing
C) Phishing
D) Whaling
D) Whaling
Whaling is phishing aimed at a high-value individual such as a CEO or other executive. Spear phishing targets a specific person or small group, "targeting phishing" is not an industry term, and phishing is the generic term for the attack.