Pre-Assessment Exam Flashcards
Which preventative measures protect against malware attacks? (Choose two.)
ICMP blocking rules
Alert e-mail notifications
System imaging
Data backups
System imaging
Data backups
In the event of a malware infection, systems can be quickly returned to an operational state by applying a system image. Frequent data backups enable the restoration of data prior to the malware outbreak
Stacey, a company executive, complains that her online banking credentials no longer work. After further investigation you determine that the Stacey clicked a link in a fraudulent e-mail meant to deceive bank customers. Which type of attack occurred?
Impersonation
Tailgating
Phishing
Phishing
Phishing scams attempt to convince victims to divulge sensitive information such as online banking credentials
Which type of attack involves a malicious user injecting malicious executable code into a web site that will be viewed by others?
Cross-site scripting
Cross-site request forgery
Buffer overflow
Cross-site scripting
In a cross-site scripting (XSS) attack, after malicious scripts are injected into a seemingly trusted web site, victims inadvertently execute that code when visiting the site. This can result from ineffective web form field validation
A malicious user enters a coffee shop and configures a Wi-Fi hotspot with the same name as the public Wi-Fi available in that same coffee shop. What has the malicious user configured?
MAC spoofing
IP spoofing
Evil twin
Evil twin
An evil twin is an additional Wi-Fi network configured to appear as an existing legitimate Wi-Fi network for unsuspecting users to connect to
What will detect network or host intrusions and take actions to prevent intrusions from succeeding?
IPS
IDS
IPSec
IPS
An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and also takes steps to stop it. Abnormal activity can be detected by checking for known attack patterns (signature-based) or variations beyond normal activity (anomaly-based)
You must purchase a network device that supports content filtering and virus defense for your LAN. What should you choose?
NAT router
HIPS
Web security gateway
Web security gateway
Web security gateways can perform deep packet inspection (content) to filter network traffic. They also include the ability to detect and deal with malware
A router must be configured to allow traffic from certain hosts only. How can this be accomplished?
ACL
Subnet
Proxy server
ACL
Access control lists (ACLs) are router settings that allow or deny various types of network traffic from or to specific hosts
Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply?
Confidentiality
Integrity
Availability
Confidentiality
Confidentiality ensures that data is accessible only to those parties who should be authorized to access the data. Encrypting data stored on smart phones protects that data if the phone is lost or stolen
To give a contractor quick network access, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?
Separation of duties
Least privilege
Job rotation
Least privilege
The least privilege principle states users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group grants too much privilege to the contractor
Complex passwords are considered which type of security control?
Management
Technical
Physical
Technical
Technical security controls are put in place to protect computing resources such as files, web sites, databases, and so on. Passwords prevent unauthorized users from accessing network resources
You are responsible for completing an IT asset report for your company. All IT-related equipment and data must be identified and given a value. What term best describes this action?
Asset identification
Risk assessment
Threat analysis
Asset identification
Asset identification involves identifying assets (including data) and associating a value with them. This can then be used to justify expenditures to protect these assets
An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?
ALE
ROI
Total cost of ownership
ALE
The annual loss expectancy (ALE) value is used with quantitative risk analysis approaches to prioritize and justify expenditures that protect from potential risks. For example, an ALE value of $1000 might justify a $200 annual expense to protect against that risk
Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)
Mantrap
Hardware locks
Fingerprint scan
Smartcard
Mantrap
Hardware locks
Mantraps are designed to trap trespassers in a restricted area. Some mantrap variations use two sets of doors, one of which must close before the second one opens. Traditional mantraps do not require access cards. Hardware locks simply require possession of a key. Neither reveals the person’s identity
Turtle Airlines has hired you to ensure that its customer reservation system is always online. The software runs and stores data locally on the Linux operating system. What should you do?
Install two Linux servers in a cluster. Cluster the airline software with its data being written to shared storage.
Install a new Linux server. Ensure that the airline software runs from the first server. Schedule airline data to replicate to the new Linux server nightly.
Configure the Linux server with RAID 5.
Install two Linux servers in a cluster. Cluster the airline software with its data being written to shared storage.
Clustering software between two servers will enable the customer reservation system to function even if one server fails, because the data is not stored within a single server; it exists on shared storage that both cluster nodes can access
Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up to date. What is causing this problem?
Firefox on Linux automatically changes the home page every two days.
Juanita is experiencing a denial of service attack.
Juanita’s browser configuration is being changed by adware.
Juanita’s browser configuration is being changed by adware.
Adware attempts to expose users to advertisements in various ways, including through pop-ups or changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case
What type of malware dynamically alters itself to avoid detection?
Chameleon malware
Polymorphic malware
Changeling malware
Polymorphic malware
Polymorphic malware dynamically adjusts itself to avoid detection while maintaining its original functionality
A user on your network receives an e-mail from the bank stating that there has been a security incident at the bank. The e-mail continues by asking the user to log on to her bank account by following the link provided and verify that her account has not been tampered with. What type of attack is this?
Phishing
Spam
Dictionary attack
Phishing
Phishing is when the hacker e-mails a victim and hopes she clicks the link that leads her to a fake site (typically a bank). At this point, the hacker hopes the user types information into the fake site (such as bank account information) that he can use to gain access to her real account
Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?
Bluejacking
Bluesnarfing
Packet sniffing
Bluesnarfing
Bluesnarfing is the act of connecting to and accessing data from a device over a Bluetooth wireless connection. It is considered much more invasive than packet sniffing or port scanning
What type of attack involves the hacker inserting client-side script into the web page?
XSS
Watering hole attack
ARP poisoning
XSS
Cross-site scripting (XSS) is an attack that involves the hacker inserting script code into a web page so that it is then processed and executed by a client system
The process of disabling unneeded network services on a computer is referred to as what?
Patching
Fuzzing
Hardening
Hardening
Hardening includes actions such as disabling unneeded services to make a system more secure
How can you prevent rogue machines from connecting to your network?
Deploy an IEEE 802.1x configuration.
Use strong passwords for user accounts.
Use IPv6.
Deploy an IEEE 802.1x configuration.
The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, this might be configured for VPN appliances, network switches, and wireless access points that adhere to the IEEE 802.1x standard
ou would like to focus and track malicious activity to a particular host in your DMZ. What should you configure?
Honeynet
Honeypot
DMZ tracker
Honeypot
A honeypot is an intentionally vulnerable host used to attract and track malicious activity
A security auditor must determine what types of servers are running on a network. Which tool should be used?
Network mapper
Protocol analyzer
Port scanner
Network mapper
Network mapping utilities such as the open source Cheops tool can map a network’s layout and identify operating systems running on hosts
Which type of security testing provides detailed network configuration information to testers?
White box
Black box
Gray box
White box
A white-box test provides testers with detailed configuration information regarding the software or network they are testing
The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. What term describes their actions?
Cross-site scripting
Fuzzing
Patching
Fuzzing
Fuzzing is a means of injecting unexpected data into an application to test for weaknesses
Which solution can centrally authenticate users between different organizations?
RADIUS
RADIUS federation
EAP-FAST
RADIUS federation
RADIUS federation required a trusted identify provider in one organization. Edge devices forward authentication requests only to a RADIUS server located on a protected network
What can be done to protect data after a handheld device is lost or stolen?
Enable encryption.
Execute a remote wipe.
Enable screen lock.
Execute a remote wipe.
Remotely wiping a device if it is lost or stolen clears apps, data, and settings from the device
Which of the following correctly identifies an operating system that meets specific government or regulatory security standards?
Hardened OS
Trusted OS
Security OS
Trusted OS
A trusted OS is a secured operating system that meets or exceeds stringent security standards
Which standard is a firmware solution for drive encryption?
TPM
DLP
EFS
TPM
Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents. If the drive was moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible
Your company has issued Android-based smart phones to select employees. Your manager asks you to ensure that data on the smart phones is protected. How do you address your manager’s concerns?
Implement SCADA, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.
Implement PKI VPN authentication certificates, screen locking, device encryption, and anti-malware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.
Implement screen locking, device encryption, patching, and anti-malware, and disable unnecessary software on the phones.
Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating anti-malware, and disabling unnecessary features and software
Encrypting stored data is referred to as
Data-in-process
Data-in-transit
Data-at-rest
Data-at-rest
Data-at-rest is data stored on media
Which term best describes sensitive medical information?
PHI
TLS
PII
PHI
Protected health information (PHI) refers to sensitive medical information stored and accessed in a secured manner
Which of the following is considered multi-factor authentication?
Building access card/smart card
Username/password/smartcard
Username/password/access code
Username/password/smartcard
Usernames and passwords constitute “something you know,” while a smartcard is “something you have”
You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?
LDAP
SSL
SAML
SAML
Security Assertion Markup Language (SAML) is an XML standard that defines how authentication and authorization data can be transmitted in a federated identity environment
Which data forensic term encompasses documenting all aspects of evidence to ensure its integrity?
Legal hold
Encryption
Chain of custody
Chain of custody
The chain of custody ensures that the whereabouts of evidence can be accounted for at all time, including who accessed the evidence
The Human Resources department in your company has a policy for conducting thorough background checks before hiring new employees. What type of control is this?
Administrative
Least privilege
Technical
Administrative
Hiring practices are administrative controls
Which type of card can be used to access computer systems as well as buildings? Choose the best term.
Smart card
CAC
Hardware token
CAC
Common access cards (CAC) grant access to multiple items
Which cryptographic approach uses points on a curve to define public and private key pairs?
RSA
DES
ECC
ECC
Elliptic curve cryptography (ECC) is public key cryptography based on points on an elliptic curve
Your colleagues report that there is a short timeframe in which a revoked certificate can still be used. Why is this?
The CRL is published periodically.
The CRL is published immediately but must replicate to all hosts.
The CRL lists only revoked certificate serial numbers; it is not used in any way.
The CRL is published periodically.
The CRL is not published immediately; it is published either manually or on a schedule, so there may be a small timeframe in which revoked certificates can still be used
Which IPSec mode encrypts not only the payload but all packet headers?
AH
Tunnel
Transport
Tunnel
Tunnel mode encrypts the entire packet and adds new headers. This is often used for IPSec VPNs