Practice Tests Flashcards

1
Q

You’ve hired a third-party to gather information about your company’s servers and data. The third party will not have direct access to your internal network but can gather information from any other source. Which of the following would best describe this approach?

A. Backdoor Testing
B. Passive Reconnaissance
C. OS Fingerprinting
D. Grey box pen Testing

A

B. Passive Reconnaissance

2
Q

Which of these protocols use TLS to provide secure communication? (Select Two)

A. HTTPS
B. SSH
C. FTPS
D. SNMPv2
E. DNSSEC
F. SRTP
A

A. HTTPS
C. FTPS

HTTPS - Hypertext Transfer Protocol over TLS
FTPS - File Transfer Protocol over TLS

TLS (Transport Layer Security) is a cryptographic protocol used to encrypt network communication; it is the successor to SSL. None of the other options use TLS: SSH has its own transport protocol, SNMPv2 has no transport encryption at all, DNSSEC signs DNS records rather than encrypting the channel, and SRTP protects the media stream with its own encryption and key management.

3
Q

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

A. Organized Crime
B. Hacktivist
C. Nation State
D. Competitor

A

A. Organized Crime

It is not "competitor": a competitor may benefit from an attack, but the benefit is indirect (market advantage), not direct financial gain.

4
Q

A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)

A. Partition data
B. Kernel statistics
C. ROM data
D. Temporary file systems
E. Process table
A

A. Partition data
D. Temporary file systems

Both temporary file system data and partition data are part of the file storage subsystem

5
Q

An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allow the device to be remotely controlled by a third-party. Which category would BEST describe these devices?

A. IoT
B. RTOS
C. MFD
D. SoC

A

C. MFD - Multifunction Device

6
Q

Which of the following would attempt to exploit a vulnerability associated with a specific application?

A. Vulnerability scan
B. Active reconnaissance
C. Penetration test
D. Port scan

A

C. Penetration Test

7
Q

Elizabeth, a security administrator, is concerned about
the potential for data exfiltration using external storage
drives. Which of the following would be the BEST way to
prevent this method of data exfiltration?

A. Create an operating system security policy to prevent the use of the removable media
B. Monitor removable media usage in host-based firewall logs
C. Only whitelist applications that do not use removable media
D. Define a removable media block rule in the UTM

A

A. Create an operating system security policy to prevent the use of the removable media.

Removable media uses hot-pluggable interfaces such as USB to connect storage devices. A security policy enforced by the operating system can prevent any files from being written to a removable drive, which stops the exfiltration at the endpoint rather than trying to observe it after the fact.

8
Q

Tayla is a help desk administrator for a major
transportation company. Her help desk has suddenly
been overwhelmed by phone calls from customers. The
customers are complaining that their browser is giving a
message that the company’s website is untrusted. Which
of the following would be the MOST likely reason for
this issue?

A. The web server is not running the latest version of software
B. The corporate firewall is misconfigured
C. A content filter is blocking web server traffic
D. The web server has a certificate issue

A

D. The web server has a certificate issue

Any web server issues relating to trust are generally associated with the status of the web server certificate. If a certificate has expired or the fully-qualified domain name on the certificate does not match the name of the web server, the end users will see errors in their browser

9
Q

An insurance company has created a set of policies to
handle data breaches. The security team has been given
this set of requirements based on these policies:
• Access records from all devices must be
saved and archived
• Any data access outside of normal working hours
must be immediately reported
• Data access must only occur inside of the country
• Access logs and audit reports must be created from a
single database
Which of the following should be implemented by the
security team to meet these requirements?
(Select THREE)

A. Restrict login access by IP address and GPS location
B. Require government-issued identification during the onboarding process
C. Add additional password complexity for accounts that access data
D. Conduct monthly permissions auditing
E. Consolidate all logs on a SIEM
F. Archive the encryption keys of all disabled accounts
G. Enable time-of-day restrictions on the authentication server

A

A. Restrict login access by IP address and GPS location,
E. Consolidate all logs on a SIEM, and
G. Enable time-of-day restrictions on
the authentication server

Adding location-based policies will prevent direct data access from outside
of the country. Saving log information from all devices and creating audit
reports from a single database can be implemented through the use of a
SIEM (Security Information and Event Manager). Adding a check for the
time-of-day will report any access that occurs during non-working hours.
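
The reporting side of these requirements as working code, added here as an example and not part of the original deck: a few constructed access records (the field names, the working hours and the home country are assumptions) are checked for after-hours and out-of-country access, which is the kind of correlation rule a SIEM runs once every device's logs sit in one store.

```python
from datetime import datetime, time

# Constructed access records from several devices, already normalized into the
# single store a SIEM provides. Field names are assumptions for this example.
RECORDS = [
    {"user": "alice", "device": "fileserver-01", "ts": "2024-03-04T10:15:00", "country": "US"},
    {"user": "bob",   "device": "db-02",         "ts": "2024-03-04T23:40:00", "country": "US"},
    {"user": "carol", "device": "fileserver-01", "ts": "2024-03-05T09:05:00", "country": "DE"},
    {"user": "dave",  "device": "vpn-gw",        "ts": "2024-03-06T03:12:00", "country": "BR"},
]

WORK_START, WORK_END = time(8, 0), time(18, 0)   # assumed working hours, Monday to Friday
HOME_COUNTRY = "US"                              # assumed country where access is permitted


def classify(record):
    """Return the policy violations for one access record (empty list if none)."""
    ts = datetime.fromisoformat(record["ts"])
    findings = []
    # Access outside working hours, or on a weekend, must be reported immediately.
    if ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END):
        findings.append("after-hours")
    # Access must only occur inside the country; the source country is whatever
    # geolocation the device recorded for the login.
    if record["country"] != HOME_COUNTRY:
        findings.append("out-of-country")
    return findings


def audit(records):
    """Build the audit report from the single consolidated store.

    Returns (report, alerts): report is every record annotated with its findings
    (the archived audit trail); alerts lists only the records that need action.
    """
    report, alerts = [], []
    for r in records:
        findings = classify(r)
        report.append({**r, "findings": findings})
        if findings:
            alerts.append((r["user"], r["device"], r["ts"], findings))
    return report, alerts


if __name__ == "__main__":
    _, alerts = audit(RECORDS)
    for user, device, ts, findings in alerts:
        print(f"ALERT {ts} {user}@{device}: {', '.join(findings)}")
```

The time-of-day restriction on the authentication server blocks the login; this rule is the detective counterpart that produces the required report from the same consolidated data.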

10
Q

Leslie is projecting timelines to complete various analysis reports. Which list presents the correct order in which each analysis should be performed?

A. Threat, risk
B. Risk, threat
C. Threat, vulnerability
D. Business impact, risk

A

A. Threat, risk

A risk assessment weighs the likelihood and impact of identified threats against the organization's vulnerabilities, so it cannot be completed until a threat assessment has identified what those threats are.

11
Q

Rodney, a security engineer, is viewing this record from the firewall logs:

UTC 04/05/2018 03:09:15809 AV Gateway Alert
136.127.92.171 80 -> 10.16.10.14 60818
Gateway Anti-Virus Alert:
XPACK.A_7854 (Trojan) blocked.

Which of the following can be observed from this log information?

A. The victim’s IP address is 136.127.92.171
B. A download was blocked from a web server
C. A botnet DDoS attack was blocked
D. The Trojan was blocked, but the file was not

A

B. A download was blocked from a web server

A traffic flow from a well-known web server port (80) to a high-numbered client port (60818) indicates that the content was sent by the web server at 136.127.92.171 to the client at 10.16.10.14, which makes the client the intended victim and the transfer a download. A file download is one of the most common ways to deliver a Trojan, and this log entry shows that the file containing the XPACK.A_7854 Trojan was blocked by the gateway anti-virus.
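
The direction reasoning above turned into code, as an added example that is not part of the deck: the record is parsed and the client/server roles are derived from which side of the flow holds a well-known service port. The alert text is copied from the card; the well-known port table and the second, upload-direction record are constructed for the example.

```python
import re

# Copied from the card (the timestamp fraction is written as it appears there).
LOG = """UTC 04/05/2018 03:09:15809 AV Gateway Alert
136.127.92.171 80 -> 10.16.10.14 60818
Gateway Anti-Virus Alert:
XPACK.A_7854 (Trojan) blocked."""

# Constructed record in the same format, with the internal host sending to a server.
UPLOAD_LOG = """UTC 04/05/2018 03:11:02000 AV Gateway Alert
10.16.10.14 51234 -> 203.0.113.5 443
Gateway Anti-Virus Alert:
EXAMPLE.B_0001 (Trojan) blocked."""

FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+) -> (\d+\.\d+\.\d+\.\d+) (\d+)")
VERDICT = re.compile(r"^(\S+) \((\w+)\) (\w+)\.$", re.M)
WELL_KNOWN = {80: "http", 443: "https", 21: "ftp", 25: "smtp"}   # assumed service table


def parse_alert(text):
    """Extract endpoints, direction and verdict from one gateway AV alert."""
    flow = FLOW.search(text)
    verdict = VERDICT.search(text)
    if not flow or not verdict:
        raise ValueError("not a gateway AV alert record")
    src, sport, dst, dport = flow.group(1), int(flow.group(2)), flow.group(3), int(flow.group(4))
    # The side holding the well-known port is the server; the other side, on an
    # ephemeral port, is the client. Server-to-client traffic is a download.
    if sport in WELL_KNOWN and dport not in WELL_KNOWN:
        direction, server, victim = "download", src, dst
    elif dport in WELL_KNOWN and sport not in WELL_KNOWN:
        direction, server, victim = "upload", dst, src
    else:
        direction, server, victim = "unknown", None, None
    return {
        "server": server,
        "victim": victim,
        "service": WELL_KNOWN.get(sport) or WELL_KNOWN.get(dport),
        "direction": direction,
        "signature": verdict.group(1),
        "category": verdict.group(2),
        "action": verdict.group(3),
    }


if __name__ == "__main__":
    for record in (LOG, UPLOAD_LOG):
        print(parse_alert(record))
```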

12
Q

Richard, an engineer, has been posting pictures of a
not-yet-released company product on an online forum.
Richard believed the forum was limited to a small group,
but his pictures were actually posted on a publicly
accessible area of the site. Which of the following
company policies should be discussed with Richard?

A. Personal Email
B. Unauthorized software
C. Social media
D. Certificate issues

A

C. Social Media

13
Q

A group of universities sponsor a monthly speaking event
that is attended by faculty from many different schools.
Each month, a different university is selected to host
the event. The IT staff for the event would like to allow
access to the local wireless network using the faculty
member’s normal authentication credentials. These
credentials should properly authenticate, even when the
faculty member is not physically located at their home
campus. Which of the following authentication methods
would be the BEST choice for this requirement?

A. RADIUS federation
B. 802.1X
C. PEAP
D. EAP-FAST

A

A. RADIUS Federation

RADIUS (Remote Authentication Dial-In User Service) with federation would allow members of one organization to authenticate using the credentials of another organization

802.1X is a useful port-based network access control framework, but on its own it
authenticates against a single back-end; it needs additional functionality
(federation) to authenticate across multiple organizations' user databases.

PEAP (Protected Extensible Authentication Protocol) provides a method of
authentication over a protected TLS (Transport Layer Security) tunnel, but
it doesn’t provide the federation needed for these requirements.

14
Q

A system administrator, Daniel, is working on a contract that will specify
a minimum required uptime for a set of Internet-facing firewalls. Daniel
needs to know how often the firewall hardware is expected to fail between
repairs. Which of the following would BEST describe this information?

A. MTBF
B. RTO
C. MTTR
D. MTTF

A

A. MTBF

The MTBF (Mean Time Between Failures) is a prediction of how often a repairable system will fail

RTO (Recovery Time Objective) defines the target time within which a particular service level must be restored after an outage.

MTTR (Mean Time to Repair, also expanded as Mean Time to Restore) is the average time it takes to repair a failed component and return it to service.

MTTF (Mean Time to Failure) is the expected lifetime of a non-repairable product or system

15
Q

An attacker calls into a company’s help desk and pretends to be the director of the company’s manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. The help desk engineer requests the employee’s ID number and sends a password reset validation code to the user’s registered mobile device number. What kind of attack is the help desk engineer preventing by following these processes?

A. Social engineering
B. Tailgating
C. Vishing
D. Man-in-the-middle

A

A. Social Engineering

A social engineering attack takes advantage of the authority and urgency principles in an effort to convince someone to circumvent normal security controls. Verifying the employee ID and sending the reset code only to the registered mobile number means a caller who merely claims to be the director cannot obtain a working password.

Not vishing

Vishing (voice phishing) uses the phone to extract private information from the victim. In this question the attacker is not asking for confidential information but trying to have a credential reset, so the broader category, social engineering, is the best description.

16
Q

A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team’s requirements?

A. EAP-TLS
B. PEAP
C. EAP-TTLS
D. EAP-MSCHAPv2

A

C. EAP-TTLS

EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) allows the use of multiple authentication protocols transported inside of an encrypted TLS (Transport Layer Security) tunnel. This allows the use of any authentication while maintaining confidentiality with TLS

Not EAP-TLS

Does not provide a mechanism for using multiple authentication types within a TLS tunnel.

17
Q

Which of the following would be commonly provided by a CASB? (Select TWO)

A. List of all internal Windows devices that have not installed the latest security patches
B. List of applications in use
C. Centralized log storage facility
D. List of network outages for the previous month
E. Verification of encrypted data transfers
F. VPN connectivity for remote users

A

B. A list of applications in use
E. Verification of encrypted data transfers

A CASB (Cloud Access Security Broker) can be used to apply security policies to cloud-based implementations. Two common functions of a CASB are visibility into application use and enforcement of data security policy. Other common CASB functions are the verification of compliance with formal standards and the monitoring and identification of threats.

18
Q

The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. This loop continues until the time clock is powered down. Which of the following BEST describes this issue?

A. DLL injection
B. Resource exhaustion
C. Race condition
D. Weak configuration

A

C. Race condition

A race condition occurs when two processes occur at similar times, usually with unexpected results. The file system problem is usually fixed before a reboot, but a reboot is occurring before the fix can be applied. This has created a race condition that results in constant reboots.

19
Q

A recent audit has found that existing password policies
do not include any restrictions on password attempts,
and users are not required to periodically change their
passwords. Which of the following would correct these
policy issues? (Select TWO)

A. Password complexity
B. Password expiration
C. Password history
D. Password lockout
E. Password recovery
A

B. Password expiration
D. Password lockout

Password expiration would require a new password after the expiration
date. Password lockout would disable an account after a predefined
number of unsuccessful login attempts.

20
Q

What kind of security control is associated
with a login banner?

A. Preventive
B. Deterrent
C. Corrective
D. Detective
E. Compensating
F. Physical
A

B. Deterrent

A deterrent control does not directly stop an attack, but it may discourage
an action.

21
Q

Your security team has been provided with a non-credentialed vulnerability
scan report created by a third-party. Which of the following would you
expect to see on this report?

A. A summary of all files with invalid group assignments
B. A list of all unpatched operating system files
C. The version of web server software in use
D. A list of local user accounts

A

C. The version of web server software in use

A scanner like Nmap can query services and determine version numbers
without any special rights or permissions, which makes it well suited for
non-credentialed scans.

22
Q

The security team of a small manufacturing company is investigating a
compromised server that resulted in a defaced internal website home
page. The web server had been running for a year, but no security patches
were ever applied. Logs from the web server show a large number of
attacks containing well-known exploits occurred just before the server was
defaced. Which of these would be the MOST likely source of this attack?

A. Hacktivist
B. Script kiddie
C. Insider
D. Nation state

A

B. Script kiddie

A script kiddie commonly runs pre-made scripts without any knowledge of
what the script is actually doing. The script kiddie is simply hoping that at
least one of the many exploit attempts will be successful.

23
Q

Which of these would be MOST significant security concern for
an insider threat?

A. Passwords written on sticky notes
B. An unpatched file server
C. A VPN concentrator that uses an older encryption cipher
D. Limited bandwidth available on the Internet link

A

A. Passwords written on sticky notes

A password written down and left in an open area can be used by any
insider who happens to walk by

24
Q

A security administrator would like to limit access from a user VLAN to
the server VLAN. All traffic to the server VLAN communicates through
the core router. Users should only be able to connect to servers using
standard protocols. Which of the following options would be the BEST
way to implement this security feature?

A. Configure a reverse proxy
B. Define an ACL on the core router
C. Replace the core router with a layer 3 firewall
D. Add a load balancer for each server cluster

A

B. Define an ACL on the core router

Configuring an ACL (Access Control List) is a feature already included with
the router. The ACL will allow the filtering of traffic by IP address and port
number.

25
Q

A file server has a full backup performed each Monday at 1 am. Incremental backups are performed at 1 am on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?

A. 2
B. 3
C. 4
D. 1

A

C. 4

Each incremental backup archives only the files that have changed since the previous backup of any type (full or incremental). To complete this full restore, the administrator will need the full backup from Monday and the incremental backups from Tuesday, Wednesday, and Thursday, restored in that order. (With differential backups, which capture everything changed since the last full, only two sets would be needed: Monday's full and Thursday's differential.)
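
The restore-chain rule as code, added as an example that is not part of the deck. It goes slightly beyond the card by handling differential schedules as well, so the difference in set count is visible; the day numbering and the schedule lists are constructed for the example.

```python
FULL, INC, DIFF = "full", "incremental", "differential"


def sets_required(backups, restore_day):
    """Return the backup sets needed, in restore order, to recover on restore_day.

    backups: chronological list of (day, kind). A backup taken on day d is usable
    for a restore on day >= d (it ran at 1 am; the restore happens later that day).
    Incremental sets capture changes since the previous backup of any kind, so
    every one taken after the last full is needed. A differential set captures
    everything since the last full, so only the newest one is needed. The schedule
    is assumed to use one of the two types between fulls, not a mix.
    """
    usable = [(d, k) for d, k in backups if d <= restore_day]
    full_positions = [i for i, (_, k) in enumerate(usable) if k == FULL]
    if not full_positions:
        raise ValueError("no full backup available before the restore point")
    last_full = full_positions[-1]
    chain = [usable[last_full]]
    later = usable[last_full + 1:]
    if any(k == INC for _, k in later):
        chain.extend(b for b in later if b[1] == INC)   # every incremental since the full
    elif later:
        chain.append(later[-1])                          # only the newest differential
    return chain


# Constructed schedule from the card: Monday (day 0) full, Tuesday..Friday incremental.
WEEK_INCREMENTAL = [(0, FULL), (1, INC), (2, INC), (3, INC), (4, INC)]
# The same week with differentials instead, for comparison.
WEEK_DIFFERENTIAL = [(0, FULL), (1, DIFF), (2, DIFF), (3, DIFF), (4, DIFF)]

if __name__ == "__main__":
    print(len(sets_required(WEEK_INCREMENTAL, 3)), "sets for a Thursday restore (incremental)")
    print(len(sets_required(WEEK_DIFFERENTIAL, 3)), "sets for a Thursday restore (differential)")
```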

26
Q

A company is creating a security policy that will protect all corporate
mobile devices:
• All mobile devices must be automatically locked
after a predefined time period.
• Some mobile devices will be used by the
remote sales teams, so the location of each device
needs to be traceable.
• The mobile devices should not be operable
outside of the country.
• All of the user’s information should be completely separated from
company data.
Which of the following would be the BEST way to establish these
security policy rules?

A. Containerization strategy
B. Biometrics
C. COPE
D. VDI
E. Geofencing
F. MDM
A

F. MDM

An MDM (Mobile Device Manager) provides a centralized management system for all mobile devices. From this central console, security administrators can set policies for many different types of mobile devices.

27
Q

Jack, a security engineer, runs a monthly vulnerability scan and creates
a report with the results. The latest report doesn’t list any vulnerabilities
for Windows servers, but a significant vulnerability was announced last
week and none of the servers are patched yet. The vulnerability scanner is
running the latest set of signatures. Which of the following best describes
this result?

A. Exploit
B. False positive
C. Zero-day attack
D. False negative

A

D. False Negative

A false negative is a result that fails to detect an issue when one actually exists.

28
Q

A security administrator is reviewing a 30-day access report to
determine if there are any unusual or unexpected authentications. After
these reviews, the security administrator decides to add additional
authentication controls to the existing infrastructure. Which of the
following should be added by the security administrator? (Select TWO)

A. TOTP
B. Least privilege
C. Role-based awareness training
D. Separation of duties
E. Job rotation
F. Smart Card
A

A. TOTP (Time-based One-Time password)
F. Smart Card

TOTP and smart cards are useful authentication controls when used in conjunction with other authentication factors.

29
Q

A network administrator would like to reconfigure
the authentication process on the company’s wireless
network. Instead of using the same wireless password
for all users, the administrator would like each user to
authenticate with their personal username and password.
Which of the following should the network administrator
configure on the wireless access points?

A. WPA2-PSK
B. 802.1X
C. WPS
D. WPA2-AES

A

B. 802.1X

802.1X uses a centralized authentication server, and all users can use their normal credentials to authenticate to an 802.1X network

30
Q

Which of the following technologies use a challenge message during the authentication process

A. TLS
B. TACACS+
C. Kerberos
D. CHAP

A

D. CHAP

CHAP (Challenge-Handshake Authentication Protocol) has the server send a random challenge message; the client returns a hash (MD5 in RFC 1994) computed over the challenge and the shared secret, so the secret itself never crosses the network and a captured response cannot be reused against a fresh challenge.
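
The three-way exchange as a runnable model, added here as an example rather than code from the deck. It follows the RFC 1994 response computation (MD5 over the one-octet Identifier, the secret, then the challenge); the shared secret, the challenge length and the class names are assumptions for the example.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"correct horse battery staple"   # assumed pre-shared secret held by both sides


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The server side: issues challenges and checks responses. Never sends the secret."""

    def __init__(self, secret: bytes, rng=os.urandom):
        self.secret = secret
        self.rng = rng
        self.next_id = 0
        self.pending = {}            # identifier -> outstanding challenge value

    def issue_challenge(self):
        self.next_id = (self.next_id + 1) % 256
        challenge = self.rng(16)     # fresh random value for every attempt
        self.pending[self.next_id] = challenge
        return self.next_id, challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # each challenge is usable once
        if challenge is None:
            return False
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)


def peer_answer(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """The client side: proves knowledge of the secret without transmitting it."""
    return chap_response(identifier, secret, challenge)


def run_exchange(server: Authenticator, client_secret: bytes) -> bool:
    ident, challenge = server.issue_challenge()                # Challenge packet
    response = peer_answer(ident, challenge, client_secret)    # Response packet
    return server.verify(ident, response)                      # Success or Failure packet


if __name__ == "__main__":
    print("correct secret:", run_exchange(Authenticator(SHARED_SECRET), SHARED_SECRET))
    print("wrong secret:  ", run_exchange(Authenticator(SHARED_SECRET), b"guess"))
```

The challenge is consumed on first use, which is what defeats replay. The design still has a known weakness: anyone who captures a challenge/response pair can guess the secret offline, so CHAP depends on a strong secret and is normally wrapped in a protected tunnel today.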

31
Q

A user has saved a presentation file to a network drive, and the user
has assigned individual rights and permissions to the file. Prior to the
presentation date, the user adds three additional individuals to have read-only access to the file. Which of the following would describe this access
control model?

A. DAC
B. MAC
C. ABAC
D. RBAC

A

A. DAC (Discretionary Access Control)

DAC (Discretionary Access Control) is used in many operating systems and this model allows the owner of the resource to control who has access.

32
Q

The network administrator for an organization is building a security
strategy that can continually monitor the network and systems for threats.
This strategy focuses on protecting the automated creation of cloud-based
services, the teardown process of cloud-based services, and the rollback of
cloud-based services from one version to another. Which of the following
BEST describes the environment that the network administrator will
secure?

A. Redundant
B. Highly-available
C. Fault-tolerant
D. Non-persistent

A

D. Non-persistent

A non-persistent environment is always in motion, and application instances can be created, changed, or removed at any time.

33
Q

A department store offers gift certificates that can be used to purchase
merchandise. The store policy requires that a floor manager approves each
transaction when a gift certificate is used for payment. The security team
has found that some of these transactions have been processed without the
approval of a manager. Which of the following would provide a separation
of duties to enforce this store policy?

A. Use a WAF to monitor all gift certificate transactions
B. Disable all gift certificate transactions for cashiers
C. Implement a discretionary access control policy
D. Require an approval PIN for the cashier and a separate
approval PIN for the manager

A

D. Require an approval PIN for the cashier and a separate
approval PIN for the manager

34
Q

Which of the following is true of a rainbow table?
(Select TWO)

A. The rainbow table is built in real-time during the attack
B. Rainbow tables are the most effective online attack type
C. Rainbow tables require significant CPU cycles at attack time
D. Different tables are required for different hashing methods
E. A rainbow table won’t be useful if the passwords are salted

A

D. Different tables are required for different hashing
methods
E. A rainbow table won’t be useful if the passwords are salted

A rainbow table is built before the attack for one specific password hashing algorithm; if a different hashing technique is in use, a completely different table must be built.

A salt is a random value added to each password before hashing, so the same password produces a different hash for every salt value. A precomputed table would have to be built for every possible salt, which defeats the point of precomputing, so rainbow tables are not useful against salted hashes.
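
A small but genuine rainbow table, added as an example that is not part of the deck, to make both answers concrete: chains of hash-then-reduce steps over a toy four-letter password space, stored as (endpoint, start) pairs, with a lookup that walks a target hash to a chain end and regenerates the chain. The alphabet, chain length, starting words and salt are constructed for the example.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 4                       # toy password space: the 26**4 four-letter lowercase strings
CHAIN_LEN = 50                   # reductions per chain; only chain endpoints are stored
SPACE = len(ALPHABET) ** PW_LEN


def h(algo: str, text: str) -> str:
    return hashlib.new(algo, text.encode()).hexdigest()


def reduce_(digest_hex: str, position: int) -> str:
    """Map a digest back into the password space. Mixing in the column position
    gives each column its own reduction function, which is what makes this a
    rainbow table rather than a plain hash chain (it limits chain merges)."""
    n = (int(digest_hex, 16) + position) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % 26])
        n //= 26
    return "".join(chars)


def build_table(algo: str, starts):
    """Precompute chains for one hash algorithm, before any attack. Only
    endpoint -> start is kept; intermediate values are recomputed at lookup time."""
    table = {}
    for start in starts:
        x = start
        for i in range(CHAIN_LEN):
            x = reduce_(h(algo, x), i)
        table[x] = start
    return table


def lookup(algo: str, table, target_hex: str):
    """Recover a password whose hash is target_hex, or None if the table does not cover it."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in column i; walk to the chain end and see if it is known.
        x = reduce_(target_hex, i)
        for j in range(i + 1, CHAIN_LEN):
            x = reduce_(h(algo, x), j)
        start = table.get(x)
        if start is None:
            continue
        # Regenerate that chain from its start; this also rejects false alarms.
        p = start
        for k in range(CHAIN_LEN):
            if h(algo, p) == target_hex:
                return p
            p = reduce_(h(algo, p), k)
    return None


WORDS = ["lion", "cake", "zero", "blue"]           # constructed chain starting points
MD5_TABLE = build_table("md5", WORDS)

if __name__ == "__main__":
    print("unsalted md5:", lookup("md5", MD5_TABLE, h("md5", "lion")))
    print("salted md5:  ", lookup("md5", MD5_TABLE, h("md5", "k9#" + "lion")))
    print("sha1 digest: ", lookup("sha1", MD5_TABLE, h("sha1", "lion")))
```

Every value that appears anywhere in a chain is recoverable, not just the four starting words, which is the space-for-time trade the attack makes. The same table returns nothing for md5("k9#lion") because the salted input lies outside every chain, and nothing for a SHA-1 digest because the chains were computed with MD5 reductions.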

35
Q

Before an application is moved into production, a company’s development
team runs a static code analyzer to identify any security vulnerabilities.
In the latest scan, the analyzer has identified seven security issues.
After reviewing the code, the development team finds that only five of
the reported vulnerabilities are actual security problems. Which of the
following would BEST describe the two incorrect vulnerability reports?

A. Normalization
B. Fuzzing
C. Obfuscation
D. False positive

A

D. False positive

A false positive is the report of an issue where no issue actually exists. In
this example, two of the seven reported security issues were false positives.

36
Q

Which of these cloud deployment models would share resources between
a private virtualized data center and externally available cloud services?

A. SaaS
B. Community
C. Hybrid
D. Containerization

A

C. Hybrid

A hybrid cloud model combines both private and public cloud infrastructures.

37
Q

A company hires a large number of seasonal employees, and those
contracts commonly end after the beginning of the calendar year. All
system access should be disabled when an employee leaves the company,
and the security administrator would like to verify that their systems
cannot be accessed by any of the former employee accounts. Which of the
following would be the BEST way to provide this verification?
(Select TWO)

A. Confirm that no unauthorized accounts have administrator access
B. Validate the account lockout policy
C. Audit and verify the operational status of all accounts
D. Create a report that shows all authentications for a 24-hour period
E. Validate the processes and procedures for all outgoing employees
F. Schedule a required password change for all accounts

A

C. Audit and verify the operational status of all accounts, and
E. Validate the processes and procedures for all outgoing employees
The disabling of an employee account is commonly part of the offboarding
process. One way to validate an offboarding policy is to perform an audit of
all accounts and compare active accounts with active employees.

38
Q

Sam has just replaced a broken wireless access point in a warehouse. With
the new access point online, only a portion of the wireless devices are able
to connect to the network. Other devices can see the access point, but
they are not able to connect even when using the correct wireless settings.
Which of the following security features did Sam MOST likely enable?

A. MAC filtering
B. SSID broadcast suppression
C. 802.1X authentication
D. Anti-spoofing
E. LWAPP management
A

A. MAC filtering

Filtering addresses by MAC (Media Access Control) address will limit
which devices can connect to the wireless network. If a device is filtered by
MAC address, it will be able to see an access point but it will not be able to
connect.

39
Q

A security administrator has gathered this information:
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 416 0 2601:4c3:4080:82.63976 yv-in-x5e.1e100..https CLOSE_WAIT
tcp6 0 0 2601:4c3:4080:82.63908 atl14s80-in-x0a..https ESTABLISHED
tcp6 0 0 fe80::4de1:1d4:8.36253 fe80::38b0:a2b1:.1025 ESTABLISHED
tcp6 0 0 fe80::4de1:1d4:8.1024 fe80::38b0:a2b1:.1024 ESTABLISHED
Which of the following is being used to create this information?

A. tracert
B. netstat
C. dig
D. nbtstat

A

B. netstat

The netstat command provides a list of network statistics, and the default
view shows the traffic sessions between the local device and other devices
on the network.

40
Q

An attacker has discovered a way to disable a server
by sending a specially crafted packet to the operating
system. When the packet is received, the system crashes
and must be rebooted to restore normal operations.
Which of the following would BEST describe
this situation?

A. Privilege escalation
B. Spoofing
C. Replay
D. DoS

A

D. DoS

A DoS (Denial of Service) attack overwhelms or disables a service to prevent it from operating normally. A single crafted packet that crashes the server is a DoS attack even though no flood of traffic is involved.

41
Q

A data breach has occurred in a large insurance company.
A security administrator is building new servers and
security systems to get all of the financial systems back
online. Which part of the incident response process
would BEST describe these actions?

A. Lessons learned
B. Isolation and containment
C. Reconstitution
D. Precursors

A

C. Reconstitution

Reconstitution is the rebuilding of affected systems so they can be returned to service. The recovery after a breach can be a phased approach that may take months to complete.

42
Q

A service technician would like to protect some private information sent over email. This is information should only be viewable by the recipient. Which of these cryptographic algorithms would be the BEST choice?

A. MD5
B. HMAC
C. SHA-2
D. RC4

A

D. RC4

RC4 (Rivest Cipher 4) is the only encryption cipher in the list. All of the other algorithms are hashing or message-authentication functions; they produce a fixed-size digest and cannot be reversed to recover the information.

MD5 (Message Digest 5) is a hashing algorithm and does not provide a method of encrypting and decrypting information.

HMAC (Hash-based Message Authentication Code) combines a hash with a secret key to verify integrity and authenticity; it does not provide confidentiality.

SHA-2 (Secure Hash Algorithm 2) is a hashing algorithm used for integrity checks, not encryption.

RC4 is the best answer only among these four choices. The cipher has known keystream biases and is prohibited in TLS (RFC 7465); in practice, email would be protected with S/MIME or PGP using a modern cipher such as AES.

43
Q

Your CISO (Chief Information Security Officer) has contracted with a
third-party to identify security vulnerabilities associated with all Internet-facing systems. This organization has identified a significant vulnerability
in the newly-released firewall used in your DMZ. When you contact the
firewall company, you find there are no plans to create a patch for this
specific vulnerability. Which of the following would BEST describe this
issue?

A. Lack of vendor support
B. Improper input handling
C. Improper key management
D. End-of-life

A

A. Lack of vendor support

Security issues can be identified in a system or application at any time, so
it’s important to have a vendor that can support their software and correct
issues as they are discovered. If a vendor won’t provide security patches,
then you may be susceptible to security vulnerabilities.

44
Q

A company has decided to perform a disaster recovery exercise during
an annual meeting. This exercise will include the IT directors and senior
directors. A simulated disaster will be presented, and the participants will
discuss the logistics and processes required to resolve the disaster. Which
of the following would BEST describe this exercise?

A. After-action report
B. Business impact analysis
C. Alternate business practice
D. Tabletop exercise

A

D. Tabletop exercise

A tabletop exercise allows a disaster recovery team to evaluate and plan
disaster recovery processes without performing a full-scale drill.

45
Q

Which of the following would be the MOST secure hashing method?

A. RIPEMD
B. AES
C. SHA-2
D. MD5

A

C. SHA-2

Of the available options, SHA-2 (Secure Hash Algorithm 2) is the only hashing algorithm listed without a published collision attack; MD5 and the original RIPEMD both have practical collisions.

Not AES (Advanced Encryption Standard), because it is an encryption standard and not a hashing algorithm.

46
Q

A system administrator uses an EV certificate for the corporate web server. Which of these would be the MOST likely reason for using this certificate type?

A. Adds additional encryption features over a non-EV certificate
B. Shows that additional checks have been made to validate the site owner
C. Allows the certificate to support many different domains
D. Shows that the owner of the certificate has control over a DNS domain

A

B. Shows that additional checks have been made to validate the site owner

An EV (Extended Validation) certificate is provided by a Certificate Authority after additional checks have been made to validate the certificate owner’s identity. This may require additional documentation or validation requirements with the site owners.

47
Q

How can a company ensure that all data on a mobile device is
unrecoverable if the device is lost or stolen?

A. Storage segmentation
B. Geofencing
C. Screen locks
D. Remote wipe

A

D. Remote wipe

Most organizations will use a mobile device manager (MDM) to manage
mobile phones and tablets. Using the MDM, specific security policies can
be created for each mobile device, including the ability to send a
remote wipe command that will erase all data on the mobile device.

48
Q

A server team has just installed a new web service in the DMZ, and has
added firewall rules to allow web browser access to the service from the
Internet. After the server is active, the security team captures this network
traffic between the Internet and the server:

Accept-Encoding: gzip, deflate\r\n
Accept-Language: en-US,en;q=0.8\r\n
Cookie: _fzvid=l=PM&rv=55f9b606bb547e235476e660;
__VerificationToken=g4-iTGqsT5BA5zqYiR0FIRf29rtG8-M59Lq5Y
Cookie pair: _fzvid=l=9/16/2015 6:33:42 PM&rv=55f9b606bb547e235
Cookie pair: __VerificationToken=g4-iTGqsT69Qo87MjixNqTBDT-x8FA
Cookie pair: __fzg=g=5993ad10bb547e238cca3ff5&l
Cookie pair: _ga=GA1.2.924799034.1442428422
Cookie pair: _gid=GA1.2.110485488.1502030607
Cookie pair: __fz55facc21bb547f0ec82ad5a7=l

Which of these should the security team be MOST concerned about with this
server implementation?

A. Unauthorized software
B. Data exfiltration
C. Unencrypted traffic
D. Access violations

A

C. Unencrypted traffic

Attackers can easily gather information sent across the network in the
clear, and cookie information may contain valuable information that could
be used in a replay attack.

49
Q

Sam is a user in the accounting department, and she uses the corporate
accounting software to perform her daily job duties. Sam’s organization
uses a role-based access control model to assign permissions. Who is
responsible for managing these roles and permissions?

A. Data owners
B. Administrators
C. Users
D. Application owners

A

B. Administrators

With RBAC (Role-based Access Control), administrators define the access
that a particular role will have. As users are added to a role, they will gain
the rights and permissions that have been defined for members of that role.

50
Q

Which of these best describes two-factor authentication?

A. A printer that uses a password and a PIN
B. The door to a building that requires a fingerprint scan
C. An application that checks your GPS coordinates
D. A Windows Domain that requires a username, password,
and smart card

A

D. A Windows Domain that requires a username,
password, and smart card

The multiple factors of authentication used to login to this Windows
Domain are a password (something you know), and a smart card
(something you have).

51
Q

A company is deploying a new mobile application to all of its employees in the field. Some of the problems associated with this rollout include:

  • The company does not have a way to manage the mobile devices in the field
  • Company data on mobile devices in the field introduces additional risk
  • Team members have many different kinds of mobile devices

Which of the following deployment models would address these concerns?

A. Corporate-owned
B. COPE
C. VMI
D. BYOD

A

C. VMI

VMI (Virtual Mobile Infrastructure) would allow the field teams to access their applications from many different types of devices without requiring mobile device management or raising concerns about corporate data stored on the devices.

52
Q

An organization is installing a UPS for their new data center. Which of the following would BEST describe this type of control?

A. Compensating
B. Preventive
C. Administrative
D. Detective

A

A. Compensating

A compensating security control doesn’t prevent an attack, but it does restore from an attack using other means. In this example, the UPS does not stop a power outage, but it does provide alternative power if an outage occurs.

It is not Preventive because a preventive control physically limits access to a device or area.

53
Q

Your security team has been tasked with completing a comprehensive
study that will involve all devices in the corporate data center. Because of
the sensitive nature of your business, all of the testing must be completed
by internal team members. A requirement of the study is to identify any
security weaknesses in the operating systems or applications running on
data center hardware. There can be no downtime or data loss during the
testing process. Which of the following would best describe this project?

A. Threshold analysis
B. Vulnerability scanning
C. Fault tolerance
D. Penetration testing

A

B. Vulnerability scanning

A vulnerability scan will examine devices for potential security holes, but
it will stop short of actively exploiting a vulnerability. This process will
minimize the potential for any downtime or data loss.

54
Q

Jack is a member of the incident response team at his company. Jack has been asked to respond to a potential security breach of the company’s databases, and he needs to gather the most volatile data before powering down the database servers. In which order should Jack collect this information?

A. CPU registers, temporary files, memory, remote monitoring data
B. Memory, CPU registers, remote monitoring data, temporary
C. Memory, CPU registers, temporary files, remote monitoring data
D. CPU registers, memory, temporary files, remote monitoring data

A

D. CPU registers, memory, temporary files, remote monitoring data

The most volatile data disappears quickly, so data such as the CPU registers and information in memory will be lost before temporary files and remote monitoring data become unavailable.

55
Q

Samantha, a Linux administrator, is downloading an updated version of
her Linux distribution. The download site shows a link to the ISO and a
SHA256 hash value. Which of these would describe the use of this hash
value?

A. Verifies that the file was not corrupted during the file transfer
B. Provides a key for decrypting the ISO after download
C. Authenticates the site as an official ISO distribution site
D. Confirms that the file does not contain any malware

A

A. Verifies that the file was not corrupted during
the file transfer

Once the file is downloaded, Samantha can calculate the file’s SHA256 hash and confirm that it matches the value on the website.

56
Q

The security policy at a company requires that login access should only
be available if a person is physically within the same building as the
server. Which of the following would be the BEST way to provide this
requirement?

A. TOTP
B. Biometric scanner
C. PIN
D. SMS

A

B. Biometric scanner

A biometric scanner would require a person to be physically present to
verify authentication.

57
Q

Your development team has installed a new application and database to a cloud service. After running a vulnerability scanner on the application instance, you find that the database is available for anyone to query without providing any authentication. Which of these vulnerabilities is MOST associated with this issue?

A. Improper error handling
B. Misconfiguration
C. Race Condition
D. Memory leak

A

B. Misconfiguration

Just like your local systems, proper permissions and security controls are also required when information is added to a cloud-based system. If any of your systems leave an open door, your data may be accessible by anyone on the Internet.

58
Q

One of the computers in the shipping department is showing signs of a malware infection. Which of the following would be the BEST next step to completely remove the malware?

A. Run a virus scan
B. Degauss the hard drive
C. Format the system partition
D. Reimage the computer

A

D. Reimage the computer

Completely wiping the drive with a new image is an effective way to completely remove any malware from a computer.

59
Q

Which of these would best describe the use of a nonce?

A. Information encrypted with a public key is decrypted with a private key
B. Prevents replay attacks during authentication
C. Information is hidden inside of an image
D. The sender of an email can be verified

A

B. Prevents replay attacks during authentication

A nonce adds additional randomization to a cryptographic function. This means that an authentication hash sent across the network will be different for each authentication request.

60
Q

Which of the following would be the BEST way to confirm the secure baseline of a deployed application instance?

A. Compare the production application to the sandbox
B. Perform an integrity measurement
C. Compare the production application to the previous version
D. Perform QA testing on the application instance

A

B. Perform an integrity measurement

An integrity measurement is designed to check for the secure baseline of firewall settings, patch levels, operating system versions, and any other security components associated with the application. These secure baselines may vary between different application versions.

61
Q

Which of the following would BEST describe a security feature based on administrative control diversity?

A. Data center cameras
B. Active directory authentication
C. Off-boarding process
D. Laptop full disk encryption

A

C. Off-boarding process

When a person leaves the organization, there needs to be a formal administrative policy on how to handle the hardware, software, and data associated with that person. These formal policies and procedures would be an important administrative control associated with defense-in-depth.

62
Q

An analyst is examining the traffic logs to a server in the DMZ. The analyst has identified a number of sessions from a single IP address that appear to be received with a TTL equal to zero. One of the sessions has a destination of the Internet firewall, and the session immediately after has a destination of your DMZ server. Which of the following BEST describes this log information?

A. Someone is performing a vulnerability scan against your firewall and DMZ server
B. Your users are performing DNS lookups
C. A remote user is grabbing banners of your firewall and DMZ server
D. Someone is performing a traceroute to the DMZ server

A

D. Someone is performing a traceroute to the DMZ server

A traceroute maps each hop by incrementing the TTL (Time to Live) value with each request. When the TTL reaches zero, the receiving router drops the packet and sends an ICMP (Internet Control Message Protocol) TTL Exceeded message back to the originating station.

63
Q

Rodney is a security administrator for a large manufacturing company.
His company has just acquired a transportation company, and Rodney has
connected the two networks together with an IPsec VPN. Rodney needs
to allow access to the manufacturing company network for anyone who
authenticates to the transportation company network. Which of these
authentication methods BEST meets Rodney’s requirements?

A. One-way trust
B. Mobile device location services
C. Smartphone software tokens
D. Two-factor authentication

A

A. One-way trust

A one-way trust would allow the manufacturing company to trust the transportation company, but there would not be a trust in the other direction.

64
Q

A company encourages users to encrypt all of their confidential materials
on a central server. The organization would like to enable key escrow as a
backup. Which of these keys should the organization place into escrow?

A. Private
B. CA
C. Session
D. Public

A

A. Private

With asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure continued access to the encrypted data, the company must have a copy of each private key.

65
Q

Daniel, a security administrator, is designing an authentication process
for a new remote site deployment. Daniel would like the users to provide
their credentials when they authenticate in the morning, and he does
not want any additional authentication requests to appear during the
rest of the day. Which of the following should Daniel use to meet this
requirement?

A. TACACS+
B. LDAPS
C. Kerberos
D. 802.1X

A

C. Kerberos

Kerberos uses a ticket-based system to provide SSO (Single Sign-On) functionality. You only need to authenticate once with Kerberos to gain access to multiple resources.

TACACS+ (Terminal Access Controller Access-Control System) is a common authentication method, but it does not provide any single sign-on functionality.

66
Q

A manufacturing company would like to use an existing router to separate
a corporate network and the manufacturing floor. The corporate network
and manufacturing floor currently operate on the same subnet and the
same physical switch. The company does not want to install any additional
hardware. Which of the following would be the BEST choice for this
segmentation?

A. Connect the corporate network and the manufacturing floor
with a VPN
B. Build an air gapped manufacturing floor network
C. Use personal firewalls on each device
D. Create separate VLANs for the corporate network and the
manufacturing floor

A

D. Create separate VLANs for the corporate network and
the manufacturing floor

Creating VLANs (Virtual Local Area Networks) will segment a network
without requiring additional switches.

67
Q

Hank, a security administrator, has received an email from an employee regarding their VPN connection from home. When this user connects to the corporate VPN, they are no longer able to print to their network printer at home. Once the user disconnects from the VPN, the printer works normally. Which of the following would be the MOST likely reason for this issue?

A. The VPN uses IPSec instead of SSL
B. Printer traffic is filtered by the VPN client
C. The VPN is stateful
D. The VPN tunnel is configured for full tunnel

A

D. The VPN tunnel is configured for full tunnel

A split tunnel is a VPN configuration that only sends a portion of the traffic through the encrypted tunnel. A split tunnel would allow work-related traffic to securely traverse the VPN, and all other traffic would use the non-tunneled option. In this example, the printer traffic is being redirected through the VPN instead of the local home network because of the non-split/full tunnel.

68
Q

A data center manager has built a Faraday cage in the data center. A set
of application servers has been placed into racks inside the Faraday cage.
Which of the following would be the MOST likely reason for the data
center manager to install this configuration of equipment?

A. Protect the servers against any unwanted electromagnetic fields
B. Prevent physical access to the servers without the proper credentials
C. Provide additional cooling to all devices in the cage
D. Adds additional fire protection for the application servers

A

A. Protect the servers against any unwanted
electromagnetic fields

A Faraday cage is a mesh of conductive material that will cancel
electromagnetic fields.

69
Q

A security administrator is evaluating a monthly vulnerability report
associated with web servers in the data center. The report shows the
return of a vulnerability that was previously patched four months ago. The
report shows that the vulnerability has been active on the web servers for
three weeks. After researching this issue, the security team has found that
a recent patch has reintroduced this vulnerability on the servers. Which of
the following should the security administrator implement to prevent this
issue from occurring in the future?

A. Templates
B. Elasticity
C. Master image
D. Continuous monitoring

A

D. Continuous monitoring

It’s common for organizations to continually monitor services for any
changes or issues. A nightly vulnerability scan across important servers
would identify issues like this one.

70
Q

A critical security patch has been rolled out on short notice to a large number of servers in a data center. IT management is requiring verification that this patch has been properly installed on all applicable servers. Which of the following would be the BEST way to verify the installation of this patch?

A. Use a vulnerability scanner
B. Examine IPS logs
C. Use a data sanitization tool
D. Monitor real-time traffic with a protocol analyzer

A

A. Use a vulnerability scanner

A vulnerability scanner can check the status of a vulnerability on a device and create a report of which devices may be susceptible to a particular vulnerability.

71
Q

Which cryptographic method is used to add trust to a digital certificate?

A. X.509
B. Hash
C. Symmetric encryption
D. Digital signature

A

D. Digital Signature

A certificate authority will digitally sign a certificate. If you trust the certificate authority that signed it, you can then trust the certificate.

72
Q

Which of these would be commonly used during the authentication phase of the AAA framework?

A. Username
B. Login time
C. Password
D. Access to the /home directory

A

C. Password

The authentication portion of the AAA framework is used to prove that you are who you say you are. This would include passwords and other authentication factors.

73
Q

An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?

A. Data steward
B. Data owner
C. Privacy officer
D. Data custodian

A

D. Data custodian

The data custodian manages access rights and sets security controls on the data.

74
Q

An organization’s content management system (CMS) currently labels
files and documents as “Unclassified” and “Restricted.” In a recent
update to the CMS, a new classification type of “PII” was added. Which
of the following would be the MOST likely reason for this addition?

A. Healthcare system integration
B. Simplified categorization
C. Expanded privacy compliance
D. Decreased search time

A

C. Expanded privacy compliance

The labeling of PII (Personally Identifiable Information) is often associated with privacy and compliance concerns.

75
Q

A corporate security team has performed a data center audit and found that most web servers store their certificates on the server itself. The security team would like to consolidate and protect the certificates across all of their web servers. Which of these would be the BEST way to securely store these certificates?

A. Use an HSM
B. Implement full disk encryption on the web servers
C. Use a TPM
D. Upgrade the web servers to use a UEFI BIOS

A

A. Use an HSM

An HSM (Hardware Security Module) is a high-end cryptographic hardware appliance that can securely store keys and certificates for all devices.

It is not TPM because a TPM is used on an individual device to provide cryptographic functions and securely store encryption keys. Individual TPMs would not provide any consolidation of web server certificates.

76
Q

Jennifer is reviewing this security log from her IPS:

ALERT 2018-06-01 13:07:29 [163bcf65118-179b547b]
Cross-Site Scripting in JSON Data
222.43.112.74:3332 -> 64.235.145.35:80
URL/index.html - Method POST - Query String “-“
User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3
NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
Detail: token=”” key=”key7” value=”

alert(2)"

Which of the following can be determined from this log information?
(Select TWO)

A. The alert was generated from a malformed User Agent header
B. The alert was generated from an embedded script
C. The attacker’s IP address is 222.43.112.74
D. The attacker’s IP address is 64.235.145.35
E. The alert was generated due to an invalid client port number

A

B. The alert was generated from an embedded script
C. The attacker’s IP address is 222.43.112.74

The details of the IPS (Intrusion Prevention System) alert show a script
value embedded into JSON (JavaScript Object Notation) data. The IPS
log also shows the flow of the attack with an arrow in the middle. The
attacker was IP address 222.43.112.74 with port 3332, and the victim was
64.235.145.35 over port 80.

77
Q

Which of the following describes a monetary loss if one event occurs?

A. ALE
B. SLE
C. RTO
D. ARO

A

B. SLE

SLE (Single Loss Expectancy) describes the financial impact of a single event.

78
Q

Sam, the manager of the accounting department, has opened a helpdesk
ticket complaining of poor system performance and excessive pop-up
messages. Her cursor is also moving without anyone touching the mouse.
This issue began after Sam opened a spreadsheet from a vendor containing
part numbers and pricing information. Sam recalls clicking through a
number of warning messages before the spreadsheet would open. Which
of the following is MOST likely the cause of Sam’s issues?

A. Man-in-the-middle
B. Worm
C. RAT
D. Logic bomb

A

C. RAT

A RAT (Remote Access Trojan) is malware that can control a computer
using desktop sharing and other administrative functions. Because the
installation program is often disguised as something else, the victim often
doesn’t realize they’re installing malware. Once the RAT is installed, the
attacker can control the desktop, capture screenshots, reboot the computer,
and many other administrative functions.

79
Q

A systems engineer in the sales department has left the
organization for a position with another company. The
engineer’s accounts were disabled on his last day with
the company, but security logs show that attempts were
made to access email accounts after the account was
disabled. Which of these security practices protected the
organization from any unauthorized access?

A. Least privilege
B. Auditing
C. Offboarding
D. Location-based policies

A

C. Offboarding

The offboarding process is a pre-planned set of tasks that occur when
someone leaves an organization. This plan documents the process of
turning over company computers, how to maintain the user’s data after
their departure, and the automatic deactivation of any company accounts.

80
Q

A security manager has created a report that shows intermittent network
communication from external IP addresses to certain workstations on the
internal network. These traffic patterns occur at random times during the
day. Which of the following would be the MOST likely reason for these
traffic patterns?

A. ARP poisoning
B. Backdoor
C. Polymorphic virus
D. Trojan horse

A

B. Backdoor

A backdoor would allow an attacker to access a system at any time without
any user intervention. If there are inbound traffic flows that cannot be
identified, it may be necessary to isolate that computer and examine it for
signs of a compromised system.

81
Q

A company has installed a new set of switches in their data center. The security team would like to authenticate to the switch using the same credentials as their existing Windows Active Directory network. However, the switches do not support Kerberos as an authentication method. Which of the following would be the BEST option for the security team’s authentication requirement?

A. Local authentication
B. LDAP
C. Multi-factor authentication
D. Captive portal

A

B. LDAP

LDAP (Lightweight Directory Access Protocol) is a common standard that works across many different operating systems. Microsoft Active Directory provides authentication using Kerberos, but it can also support LDAP.

It is not local authentication because that would create a username and password database on each individual switch. This would not provide any integration with the Active Directory database.

82
Q

A company has just deployed a new application into their production
environment. Unfortunately, a significant bug has been identified that
must be quickly corrected. The operations team will not allow any
incremental bug fixes to the production system, and instead require an
entirely new application instance deployment for any updates. Which of
the following would BEST describe this production system?

A. Immutable
B. Agile
C. IAC
D. Sandbox

A

A. Immutable

An immutable system cannot be changed once deployed. To update the
application, a new iteration must be deployed.

83
Q

A security administrator would like to increase the security of the
company’s email communication. The outgoing email server currently
uses SMTP with no encryption. The security administrator would like
to implement encryption between email clients without changing the
existing server-to-server communication. Which of the following would be
the BEST way to implement this requirement?

A. Implement Secure IMAP
B. Require the use of S/MIME
C. Install an SSL certificate on the email server
D. Use a VPN tunnel between email clients

A

B. Require the use of S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a way
to integrate public key encryption and digital signatures into most modern
email clients. This would encrypt all email information from client to
client, regardless of the communication used between email servers.

84
Q

A company is updating their VoIP handsets and would like to use SRTP for
all phone calls. Which of these technologies would MOST commonly be
used to implement this feature?

A. AES
B. TLS
C. Asymmetric encryption
D. SSH
E. IPS

A

A. AES

The Advanced Encryption Standard (AES) cipher is used to encrypt traffic over SRTP (Secure Real-time Transport Protocol) VoIP (Voice over IP) communication.

85
Q

A company has just purchased a new application server, and the security
director wants to determine if the system is secure. The system is
currently installed in a test environment and will not be available to your
users until the rollout to production next week. Which of the following
would be the BEST way to determine if any part of the system can be
exploited?

A. Tabletop exercise
B. Vulnerability scanner
C. Password cracker
D. Penetration test

A

D. Penetration test

A penetration test can be used to actively exploit potential vulnerabilities
in a system or application. This could cause a denial of service or loss of
data, so the best practice is to perform the penetration test during non-production hours or in a test environment.

86
Q

Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?

A. Authorization
B. Authentication
C. Auditing
D. Accountability

A

D. Accountability

87
Q

The web site administrator for your company asks you about an external device to handle all encryption and decryption processing to enhance server performance. What should you recommend?

A. Trusted root certificate
B. HSM
C. TPM
D. SSL

A

B. HSM

HSMs (hardware security modules) are cryptographic processor devices that offload processing work from hosts.

88
Q

SSL/TLS operates over which protocol?

A. TCP only
B. UDP only
C. Either TCP or UDP
D. ICMP

A

A. TCP only

SSL/TLS requires a connection-oriented transport such as TCP to function, so it will not work over UDP.

89
Q

You have to configure your web application servers so that they can operate in a high-availability mode. Which of the following is the best option?

A. Affinity-based load balancing
B. Round-robin load balancing
C. Active-active scheme
D. Active-passive scheme

A

A. Affinity-based load balancing

Affinity-based scheduling is driven by a desire to keep a host connected to the same server across a session.

90
Q

You are assigning access control permissions for users and groups that reside in different geographical locations. Many users are part of the same departmental group, such as “Sales” or “Development” and share the same files, even though they reside in different locations. Which of the following access control models should you implement to most efficiently assign access permissions?

A. Organization by department
B. Organization by location
C. No overall organization
D. Organization by user role

A

A. Organization by department

Your users are more easily grouped into departments if their geographical location is less important than the departmental group they belong to. For example, all users in the Sales group will have access to the same shared files regardless of location.

91
Q

Which is the most common public-private key generation algorithm used in public key cryptography?

A. ECDH
B. RSA
C. AES
D. SHA-2

A

B. RSA

RSA (Rivest-Shamir-Adleman) is the most common public-private key generation algorithm used in public key cryptography. It is used to generate a public and private key pair.

92
Q

As the network administrator, you are setting up a method to remotely access a management server from your home office for after-hours support. Which of the following remote access methods would provide the most security?

A. Telnet
B. SSH
C. Modem dial-up
D. Web application

A

B. SSH

Secure Shell (SSH) provides an encrypted remote access channel to a host system.

93
Q

Which type of business continuity plan test involves distributing the BCP to the representative for each department to review and to verify that no major components of the BCP have been left out?

A. Checklist review
B. Structured walkthrough
C. Simulation test
D. Parallel test

A

A. Checklist review

A checklist review is one type of test where the BCP (Business Continuity Plan) is distributed to the representative for each department to individually review and to verify that no major components of the BCP have been left out.

94
Q

You have discovered that one of your internal file servers has been breached. According to the access logs and the time of the incident, it appears that the attack has come from an employee internal to the organization. Which of the following actions should you perform?

A. Inspect the suspect user’s e-mail messages
B. Inspect the suspect user’s files in his home directory
C. Confront the user.
D. Contact human resources.

A

D. Contact human resources.

95
Q

A UNIX server administrator applies the latest operating system patches and disables unused user accounts. Syslog forwarding and auditing are configured along with disabling unused daemons. The daemons left running are configured to use a user account with minimal rights. Which term best describes what the administrator has done?

A. Fuzzing
B. Securitizing
C. Fortifying
D. Hardening

A

D. Hardening

96
Q

A penetration test that is performed using valid user IDs and passwords is an example of which of the following?

A. Passive scan
B. Intrusive scan
C. Non-credentialed scan
D. Credentialed scan

A

D. Credentialed scan

97
Q

What size is the initialization vector (IV) for the Temporal Key Integrity Protocol (TKIP), used in the WPA standard?

A. 24-bit
B. 48-bit
C. 64-bit
D. 128-bit

A

B. 48-bit

98
Q

DLP solutions can perform which of the following types of blocking? (Choose all that apply.)

A. USB blocking
B. Cloud blocking
C. E-mail blocking
D. Ransomware blocking

A

A. USB blocking
B. Cloud blocking
C. E-mail blocking

It is not ransomware because DLP blocks data from leaving the enterprise, and ransomware typically doesn’t attempt to remove data.

99
Q

All of the following are methods that can be used to detect unauthorized (rogue) hosts connected to the network, except:

A. DHCP logs
B. MAC filtering logs
C. NAC device logs
D. Switch logs

A

B. MAC filtering logs

MAC addresses can be spoofed, so examining MAC addresses in filtering logs may not provide any indication of whether a host is authorized or not.

100
Q

A technician wants to employ the existing PKI infrastructure with the new wireless network. Which wireless security options require the use of PKI certificates?

A. WEP
B. WPA PSK
C. WPA2 PSK
D. EAP-TLS

A

D. EAP-TLS (Extensible Authentication Protocol - Transport Layer Security)

The others are not correct because they use pre-shared keys (PSKs) rather than PKI; the pre-shared key is a passphrase.

101
Q

Which of the following is an example of high availability?

A. Encrypted hard disks
B. File hashes for sensitive documents
C. Web server cluster
D. RAID 0

A

C. Web server cluster

A cluster consists of two or more servers working together to ensure that a service such as a web site is always available.

102
Q

You have recently completed development on a new software application and have sent the first alpha version to quality assurance for testing. As part of the testing, you need to determine whether there are any known security issues due to the underlying operating system, network services, or development code. Which of the following testing methods can you use?

A. Fuzzing
B. Malware scanning
C. Vulnerability scanning
D. Penetration testing

A

C. Vulnerability scanning

A vulnerability scanner is a software program that is specifically designed to scan a system via the network to determine what services the system is running and whether there are any unnecessary open network ports, unpatched operating systems, or unpatched applications.

103
Q

Which of the following methods of strengthening weak keys involves generating and exchanging asymmetric keys within a particular communication session?

A. Key streaming
B. Key repetition
C. Key exchange
D. Key stretching

A

C. Key exchange

Key exchange involves generating and exchanging asymmetric keys used for a particular communication session, exchanging public keys in order to use them for public key cryptography.

104
Q

Which type of cipher involves replacing one character for another?

A. Asymmetric
B. Hashing
C. Transposition
D. Substitution

A

D. Substitution

Substitution ciphers involve substituting one character for another.

105
Q

An attacker gains access to your network. She then broadcasts a transmission to all hosts with her MAC addresses as the physical address of the default gateway. What type of attack is this?

A. MAC attack
B. Broadcast attack
C. Trojan
D. ARP poisoning

A

D. ARP poisoning (Address Resolution Protocol)

ARP poisoning is an attack that updates the ARP cache on targeted hosts with a legitimate IP address (in this case, the default gateway’s) paired with an attacker’s MAC hardware address. Victimized computers directing network traffic through the default gateway will really be sending the data to the attacker’s MAC address.

106
Q

If you see a firewall rule opening UDP port 123 and TCP port 636, what protocols do you expect to see across these ports? (Choose all that apply.)

A. SRTP
B. DNSSEC
C. LDAPS
D. NTP

A

C. LDAPS
D. NTP

LDAPS uses TCP port 636 and NTP uses UDP port 123.

107
Q

What kind of vulnerability enables a malicious user to circumvent normal security mechanisms?

A. Ransomware
B. Crypto-malware
C. Keylogger
D. Backdoor

A

D. Backdoor

108
Q

Ashlyn, the senior security officer within your organization, has requested that you create a plan for an active security test that tries to bypass the security controls of an asset. What type of test would you plan?

A. Vulnerability scan
B. Penetration test
C. Risk assessment
D. Code review

A

B. Penetration test

A penetration test is considered an active test because you are actually interacting with the target system and trying to bypass the security controls.

109
Q

Your company allows a number of employees to telecommute, and others travel extensively. You have been tasked with finding a centralized solution that will allow access to shared data over the Internet. Which of the following is best?

A. NAT
B. Virtualization
C. Subnetting
D. Cloud services

A

D. Cloud services

Cloud services can enable users to perform their work via a browser, from anywhere they have Internet connectivity. This can be configured either to allow a local copy along with the cloud copy of the data, or the data can be edited directly within the cloud.

110
Q

Which of these is a technique used to execute malicious code, to social-engineer unsuspecting users, or just to generally annoy a user?

A. Certificate warnings
B. Pop-ups
C. Tabbed browsing
D. Static HTML code

A

B. Pop-ups

Pop-ups are windows that appear during a browser session. They can execute malicious code or can be used to trick users into inputting private information. At the very least, they can be very annoying.

111
Q

For which of the following should employees receive training to establish how to handle end-of-life and unnecessary data?

A. Clean desk policies
B. Protection of personally identifiable information on social media
C. Information classification
D. Data disposal

A

D. Data disposal

112
Q

What is the best way to generate a complex password?

A. Concatenating two words so the password length is greater than 10 characters
B. Random generation from a computer program
C. Using a passphrase
D. Using your date of birth and name together.

A

B. Random generation from a computer program

113
Q

An attacker telephones the front desk of a branch office and tells the receptionist he is the senior network engineer. He then asks the receptionist for her e-mail password due to an approaching e-mail server upgrade. What type of an attack is this?

A. E-mail
B. Man-in-the-middle
C. Social engineering
D. Telephone

A

C. Social engineering

114
Q

Which type of social engineering attack involves the attacker pretending to be an administrator, executive, or other key member of the organization?

A. Pretext attack
B. Impersonation
C. Tailgating
D. Whaling

A

B. Impersonation

115
Q

You are troubleshooting issues between your web server and LDAP server where authentication requests to the LDAP server are not working properly. You set up a network protocol analyzer between the web server and LDAP server, monitor network packets, and test several authentication attempts. There is a large amount of data recorded by the protocol analyzer. Which of the following ports should you search for to filter the results to show only LDAP requests?

A. 143
B. 389
C. 110
D. 161

A

B. 389

TCP port 389 is used by the LDAP protocol. By filtering the results for this port, you will display only the information you need to troubleshoot the issue.

116
Q

Your company implements a key escrow system whereby encrypted user e-mail and files can be accessed by a trusted third party. Which key must the third party possess?

A. Escrow
B. Public
C. Private
D. Kerberos

A

C. Private

Private keys are required for decryption.

Public keys encrypt; private keys decrypt.

117
Q

What type of server provides centralized authentication services for devices such as Ethernet switches and wireless routers?

A. DNS
B. LDAP
C. HTTP
D. RADIUS

A

D. RADIUS (Remote Authentication Dial-In User Service)

RADIUS provides centralized authentication. RADIUS clients such as wireless routers and Ethernet switches forward client requests to a RADIUS server for authentication.

118
Q

You have an employee who has been reprimanded for Internet abuse after work hours on company computers. Which of the following account restrictions would prevent the employee from further such abuse?

A. Time of day restriction
B. Account lockout
C. Account expiration
D. Account lockout duration

A

A. Time of day restriction

119
Q

An officially signed digital certificate for a new web server application can be obtained from a _______?

A. Certificate authority
B. Authentication authority
C. Certificate policy management system
D. Authorization server

A

A. Certificate authority

A certificate authority (CA) is an organization or entity that issues and manages digital certificates. The CA is responsible for authenticating and identifying users before issuing a certificate.

120
Q

You have a password rotation system that forces users to change their passwords every 90 days. Some users are simply changing their passwords back to a previous password, which is a security risk. Which of the following account security measures ensures that each user always uses a new password?

A. Password history
B. Password expiration
C. Password complexity rules
D. Disabling password rotation

A

A. Password history

121
Q

Which of the following devices typically makes requests on behalf of internal clients?

A. Firewall
B. Proxy
C. Switch
D. Router

A

B. Proxy

122
Q

Unused switch ports are disabled on your Ethernet switches. You are then asked to ensure that only the appropriate employee computers can be plugged into Ethernet wall jacks in employee cubicles. How can this be accomplished?

A. Configure each switch port to allow a specific MAC address
B. Configure each switch port to allow a specific IP address
C. Configure each switch port to allow a specific TCP port address
D. Configure each switch port to allow a specific UDP port address.

A

A. Configure each switch port to allow a specific MAC address

123
Q

One of your Linux servers periodically hangs until you force a reboot. You decide to investigate the issue to determine what circumstances might be causing the failure. What should you do?

A. View files in the /etc directory.
B. Analyze the Linux server logs around the failure dates and times.
C. View modification time stamps for files in the /etc directory
D. Log in to the Linux host with the root account

A

B. Analyze the Linux server logs around the failure dates and times.

124
Q

Which type of log would list failed logon attempts?

A. Access log
B. Event log
C. Application log
D. Audit log

A

D. Audit log

125
Q

Which of the following types of keys is found in a key escrow?

A. Public
B. Private
C. Shared
D. Session

A

B. Private

126
Q

Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select Two.)

A. Password expiration 
B. Password length
C. Password complexity
D. Password history
E. Password lockout

A

C. Password complexity

D. Password history

127
Q

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?

A. Private
B. Hybrid
C. Public
D. Community

A

D. Community

128
Q

A company is currently using the following configuration:

  • IAS server with certificate-based EAP-PEAP and MSCHAP
  • Unencrypted authentication via PAP

A security administrator needs to configure a new wireless setup with the following configurations:

  • PAP authentication method
  • PEAP and EAP provide two-factor authentication

Which of the following forms of authentication are being used? (Select two)

A. PAP 
B. PEAP
C. MSCHAP
D. PEAP-MSCHAP
E. EAP
F. EAP-PEAP

A

A. PAP

C. MSCHAP

129
Q

When trying to log onto a company’s new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications. Which of the following is the MOST likely cause for this error message?

A. Network resources have been exceeded
B. The software is out of licenses
C. The VM does not have enough processing power
D. The firewall is misconfigured

A

C. The VM does not have enough processing power

130
Q

Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe’s colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two)

A. Near-field communication
B. Rooting/jailbreaking
C. Ad-hoc connections
D. Tethering
E. Sideloading

A

B. Rooting/Jailbreaking

E. Sideloading

131
Q

Which of the following can be provided to an AAA system for the identification phase?

A. Username
B. Permissions
C. One-time token
D. Private certificate

A

A. Username

132
Q

Which of the following implements two-factor authentication?

A. A phone system requiring a PIN to make a call
B. An ATM requiring a credit card and PIN
C. A computer requiring username and password
D. A datacenter mantrap requiring fingerprint and iris scan

A

B. An ATM requiring a credit card and PIN

133
Q

Malicious traffic from an internal network has been detected on an unauthorized port on an application server. Which of the following network-based security controls should the engineer consider implementing?

A. ACLs
B. HIPS
C. NAT
D. MAC filtering

A

A. ACLs

134
Q

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?

A. DMZ
B. NAT
C. VPN
D. PAT

A

C. VPN

135
Q

A security administrator is developing controls for creating audit trails and for tracking activity in case a PHI data breach occurs. The administrator has been given the following requirements:

  • All access must be correlated to a user account.
  • All user accounts must be assigned to a single individual
  • User access to the PHI data must be recorded
  • Anomalies in PHI data access must be recorded
  • Logs and records cannot be deleted or modified

Which of the following should the administrator implement to meet the above requirements? (Select three.)

A. Eliminate shared accounts
B. Create a standard naming convention for accounts.
C. Implement usage auditing and review
D. Enable account lockout thresholds
E. Copy logs in real time to a secured WORM drive
F. Implement time-of-day restrictions
G. Perform regular permissions audits and reviews

A

A. Eliminate shared accounts
C. Implement usage auditing and review
G. Perform regular permissions audits and reviews

136
Q

Which of the following encryption methods does PKI typically use to securely protect keys?

A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation

A

B. Digital signatures

137
Q

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?

A. False negative
B. True negative
C. False positive
D. True positive

A

C. False positive

138
Q

A department head at a university resigned on the first day of the spring semester. It was subsequently determined that the department head deleted numerous files and directories from the server-based home directory while the campus was closed. Which of the following policies or procedures could have prevented this from occurring?

A. Time-of-day restrictions
B. Permission auditing and review
C. Offboarding
D. Account expiration

A

C. Offboarding

139
Q

An organization finds that most help desk calls are regarding account lockout due to a variety of applications running on different systems. Management is looking for a solution to reduce the number of account lockouts while improving security. Which of the following is the BEST solution for this organization?

A. Create multiple application accounts for each user
B. Provide secure tokens
C. Implement SSO
D. Utilize role-based access control

A

C. Implement SSO

140
Q

When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select two)

A. USB-attached hard disk
B. Swap/pagefile
C. Mounted network storage
D. ROM
E. RAM

A

B. Swap/pagefile

E. RAM

141
Q

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company’s applications.

Which of the following best describes what she will do?

A. Enter random or invalid data into the application in an attempt to cause it to fault
B. Work with the developers to eliminate horizontal privilege escalation opportunities
C. Test the applications for the existence of built-in backdoors left by the developers
D. Hash the application to verify it won’t cause a false positive on the HIPS

A

A. Enter random or invalid data into the application in an attempt to cause it to fault

142
Q

An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?

A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation

A

A. Certificate pinning

143
Q

A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the system administrator using?

A. Shared account
B. Guest account
C. Service account
D. User account

A

C. Service account

144
Q

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?

A. WPS
B. 802.1x
C. WPA2-PSK
D. TKIP

A

A. WPS

145
Q

When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?

A. DES
B. AES
C. MD5
D. WEP

A

B. AES

146
Q

A company has a data classification system with definitions for “Private” and “Public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”.

Which of the following is the MOST likely reason the company added this data type?

A. Reduced cost
B. More searchable data
C. Better data classification
D. Expanded authority of the privacy officer

A

C. Better data classification

147
Q

When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?

A. Owner
B. System
C. Administrator
D. User

A

C. Administrator

148
Q

A high-security defense installation recently began utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe?

A. Deterrent
B. Preventive
C. Detective
D. Compensating

A

A. Deterrent

149
Q

A company’s user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two)

A. Replay
B. Rainbow table
C. Brute force
D. Pass the hash
E. Dictionary

A

C. Brute force

E. Dictionary

150
Q

Ann, an employee in the payroll department, has contacted the help desk citing multiple issues with her device, including:

  • Slow performance
  • Word documents, PDFs and images no longer opening
  • A pop-up

Ann states the issues began after she opened an invoice that a vendor emailed to her. Upon opening the invoice, she had to click several security warnings to view it in her word processor. With which of the following is the device MOST likely infected?

A. Spyware
B. Crypto-malware
C. Rootkit
D. Backdoor

A

D. Backdoor

151
Q

A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee?

A. Obtain a list of passwords used by the employee
B. Generate a report on outstanding projects the employee handled.
C. Have the employee surrender company identification
D. Have the employee sign an NDA before departing

A

C. Have the employee surrender company identification

152
Q

A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?

A. A perimeter firewall and IDS
B. An air gapped computer network
C. A honeypot residing in a DMZ
D. An ad hoc network with NAT
E. A bastion host

A

B. An air gapped computer network

153
Q

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?

A. Vulnerability scanning
B. Penetration testing
C. Application fuzzing
D. User permission auditing

A

A. Vulnerability scanning

154
Q

A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

A. Open wireless network and SSL VPN
B. WPA using a pre-shared key
C. WPA2 using a RADIUS back-end for 802.1x authentication
D. WEP with a 40-bit key

A

C. WPA2 using a RADIUS back-end for 802.1x authentication

155
Q

In terms of encrypting data, which of the following is the BEST described as a way to safeguard password data by adding random data to it in storage?

A. Using salt
B. Using hash algorithms
C. Implementing elliptical curve
D. Implementing PKI

A

A. Using salt

156
Q

A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees. Which of the following should the administrator implement?

A. Shared accounts
B. Pre-shared passwords
C. Least privilege
D. Sponsored guest

A

D. Sponsored guest

157
Q

Which of the following would MOST likely appear in an uncredentialed vulnerability scan?

A. Self-signed certificates
B. Missing patches
C. Auditing parameters
D. Inactive local accounts

A

D. Inactive local accounts

158
Q

When identifying a company’s most valuable assets as part of a BIA, which of the following should be the FIRST priority?

A. Life
B. Intellectual property
C. Sensitive data
D. Public reputation

A

A. Life

159
Q

An organization needs to implement a large PKI. Network engineers are concerned that repeated transmission of OCSP requests will impact network performance. Which of the following should be recommended in lieu of OCSP?

A. CSR
B. CRL
C. CA
D. OID

A

B. CRL

160
Q

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two)

A. Use of performance analytics
B. Adherence to regulatory compliance
C. Data retention policies
D. Size of the corporation
E. Breadth of applications support

A

B. Adherence to regulatory compliance

C. Data retention policies

161
Q

An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:

A. Something you have
B. Something you know
C. Something you do
D. Something you are

A

A. Something you have

162
Q

Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility. Which of the following terms BEST describes the security control being employed?

A. Administrative
B. Corrective
C. Deterrent
D. Compensating

A

C. Deterrent

163
Q

A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization’s PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two)

A. Install an X.509-compliant certificate
B. Implement a CRL using an authorized CA
C. Enable and configure TLS on the server
D. Install a certificate signed by a public CA
E. Configure the web server to use a host header

A

A. Install an X.509-compliant certificate

C. Enable and configure TLS on the server

164
Q

A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the email attachment size limit, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select three)

A. S/MIME
B. SSH
C. SNMPv3
D. FTPS
E. SRTP
F. HTTPS
G. LDAPS

A

B. SSH
D. FTPS
F. HTTPS

165
Q

An auditor is reviewing the following output from a password-cracking tool:

      user1 : Password1
      user2 : Recovery! 
      user3 : Alaskan10
      user4 : 4Private
      user5 : PerForMance2

Which of the following methods did the auditor MOST likely use?

A. Hybrid
B. Dictionary
C. Brute force
D. Rainbow table

A

A. Hybrid

166
Q

Which of the following must be intact for evidence to be admissible in court?

A. Chain of custody
B. Order of volatility
C. Legal hold
D. Preservation

A

A. Chain of custody

167
Q

A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities across multiple assets within an organization is performing a:

A. Credentialed scan
B. Non-intrusive scan
C. Privilege escalation test
D. Passive scan

A

A. Credentialed scan

168
Q

Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

A. AES
B. 3DES
C. RSA
D. MD5

A

D. MD5

169
Q

A technician suspects that a system has been compromised. The technician reviews the following log entry:

WARNING- hashmismatch: C:\Window\SysWOW64\user32.dll

WARNING- hashmismatch: C:\Window\SysWOW64\kernel32.dll

Based solely on the above information, which of the following types of malware is MOST likely installed on the system?

A. Rootkit
B. Ransomware
C. Trojan
D. Backdoor

A

A. Rootkit

170
Q

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

A. The firewall should be configured to prevent user traffic from matching the implicit deny rule
B. The firewall should be configured with access lists to allow inbound and outbound traffic
C. The firewall should be configured with port security to allow traffic
D. The firewall should be configured to include an explicit deny rule

A

A. The firewall should be configured to prevent user traffic from matching the implicit deny rule

171
Q

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two)

A. To prevent server availability issues
B. To verify the appropriate patch is being installed
C. To generate a new baseline hash after patching
D. To allow users to test functionality
E. To ensure users are trained on new functionality

A

A. To prevent server availability issues

D. To allow users to test functionality

172
Q

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

A. ISA
B. NDA
C. MOU
D. SLA

A

B. NDA

173
Q

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?

A. The finding is a false positive and can be disregarded
B. The Struts module needs to be hardened on the server
C. The Apache software on the server needs to be patched and updated
D. The server has been compromised by malware and needs to be quarantined

A

A. The finding is a false positive and can be disregarded

174
Q

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container on mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two)

A. Geofencing
B. Remote wipe
C. Near-field communication
D. Push notification services
E. Containerization

A

A. Geofencing

E. Containerization

175
Q

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?

A. The vulnerability scanner is performing an authenticated scan
B. The vulnerability scanner is performing local file integrity checks.
C. The vulnerability scanner is performing in network sniffer mode
D. The vulnerability scanner is performing banner grabbing

A

C. The vulnerability scanner is performing in network sniffer mode

176
Q

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential information after working hours when no one else is around. Which of the following actions can help to prevent this specific threat?

A. Implement time-of-day restrictions
B. Audit file access times
C. Secretly install a hidden surveillance camera
D. Require swipe-card access to enter the lab

A

D. Require swipe-card access to enter the lab

177
Q

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes why the vulnerability exists?

A. Default configuration
B. End-of-life system
C. Weak cipher suite
D. Zero-day threats

A

B. End-of-life system

178
Q

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?

A. Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server
B. Deny the former employee’s request, since the password reset request came from an external email address
C. Deny the former employee’s request, as a password reset would give the employee access to all the network resources
D. Approve the former employee’s request, as there would not be a security issue with the former employee gaining access to the network resources

A

C. Deny the former employee’s request, as a password reset would give the employee access to all the network resources

179
Q

Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?

A. Encrypt it with Joe’s private key
B. Encrypt it with Joe’s public key
C. Encrypt it with Ann’s private key
D. Encrypt it with Ann’s public key

A

D. Encrypt it with Ann’s public key

180
Q

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistics:

  • Initial IR engagement time frame
  • Length of time before an executive management notice went out
  • Average IR phase completion

The director wants to use the data to shorten the response time. Which of the following would accomplish this?

A. CSIRT
B. Containment phase
C. Escalation notifications
D. Tabletop exercise

A

D. Tabletop exercise

181
Q

To reduce disk consumption, an organization’s legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met?

A. Create a daily encrypted backup of the relevant emails
B. Configure the email server to delete the relevant emails
C. Migrate the relevant emails into an “Archived” folder
D. Implement automatic disk compression on email servers

A

A. Create a daily encrypted backup of the relevant emails

182
Q

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP servers. Which of the following represents the MOST secure way to configure the new network segment?

A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic
B. The segment should be placed in the existing internal VLAN to allow internal traffic only
C. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic
D. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic

A

A. The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic