Q+A Flashcards
You want to use a more secure version of FTP for transferring files. What are two options?
SFTP and FTPS
What is known as when traffic to a website is redirected to another illegitimate site?
Pharming
In an attempt to gain access to discarded company documents, what social engineering attack would a person implement?
Dumpster Diving
What is the more advanced replacement for RADIUS?
Diameter
What port does TACACS+ use?
Port 49
What port does SSH use?
Port 22
What port does TFTP use?
Port 69
You surmise that a user;s session was interrupted by an attacker who inserted malicious code into the network traffic. What attack has occurred?
Man-in-the-middle (MITM)
What algorithm depends on the inability to factor large prime numbers?
RSA (Rivest, Shamir, Adleman)
Greg needs to centralize the authentication of multiple networking systems against a single user database. What is he trying to implement?
Single sign-on (SSO)
What fire extinguisher should be used to put out metal fires suck as the kind created by magnesium or titanium?
Class D
What protocol uses port 443?
HTTPS (SSL and TLS)
You work as a network admin for your organization and use a tool to capture ICMP, HTTP, and FTP, and other packets of information. Which tool should you use.
Protocol Analyzer
You are in charge of recycling computers. Some of the computers have hard drives that contain personally identifiable information (PII). what should be done to the hard drive before it is recycled.
The hard drive should be sanitized.
What port and transport mechanism does TFTP use by default?
69 and UDP
A user receives an encrypted message that was encrypted using asymmetric cryptography. What does this recipient deed to decrypt the messagae
Recipient’s private key
What tool should you use to identify network spike activity?
Protocol Analyzer
One of your database servers is mission-critical. You cannot afford any downtime. What is the best item to ensure minimal downtime of the server and ensure fault tolerance of the data stored on the database server?
RAID (Redundant Array of Inexpensive Disks)
You get an automated call from what appears to be your bank. The recording asks you to state your name and birthday and enter you account number to validate your identity. what type of attack has been perpetuated against you.
Vishing
Which network authentication protocol uses symmetric key cryptography, stores a shared key for each network resource and uses a Key Distribution Center (KDC)?
Kerberos
What port does PPTP use?
Port 1723
Which service uses port 49?
Terminal Access Controller Accesses-Control System Plus (TACACS+)
What port does RDP use?
port 3389
What port does L2TP use?
Port 1701
What kid of threat is a virus designed to format a computer’s hard drive on a specific calendar day?
Logic Bomb
What port does Kerberos use?
Port 88
What is a hardware chip that stores encrypted keys and resided on a motherboard?
Trusted platform module (TMP)
What protocol uses port 22?
SSH (also SCP and SFTP)
What port does DNS use?
Port 53
An attacker uses a method that is meant to obtain information from a specific person. what type of attack is this?
Spear Phishing
Your organization has several logins necessary to gain access to several different sets of resources. what access control method could be used to solve this problem.
Single Sign-on (SSO)
What should you be most concerned with when transferring evidence?
Chain of Custody
Which type of cable doesn’t suffer from EMI?
Fiber optic
What is an area of the network infrastructure that enables a person to put public-facing systems into it without compromising the entire infrastructure?
DMZ (demilitarized zone)
Your high-tech server room needs a quality fire suppression system. What is the most appropriate type of fire suppression system to install?
Gaseous fire suppression
What port and transport mechanism protocol must be opened on a firewall to allow incoming SFTP connections?
22 and TCP
What grouping of computers is used to start a DDoS attack?
Botnet
You have been commissioned by a customer to implement a network access controlmodel that limits remote users network usage during normal business hours only. You create one policy that applies to all the remote users. What access control model are you using
Role-based access control (RBAC)
You’re designing security for an application into it. You need to ensure that all task relating to the transfer of money you require actions by more than one user through a series of checks and balances. What access control methods should use injure?
Separation of duties
One where does the telnet use?
Port 23
What kind of attack would a flood guard protect from?
SYN attack
What what does SFTP use ?
Port 22
You have implemented an X.509 PKI. One of the private keys has been compromised before the certificate’s regular expiration date. What should you do?
Revoke the certificate
What will stop network traffic when the traffic is not identified in the firewall rules set
Implicit deny
Allison wishes to send a file to bob using a PKI. What type of key and Alice used he signed a file?
Alice’s private key
Thumb drives can be used to compromise systems and enabled unauthorized access. in this scenario, what kind of malware was most likely installed on the thumb drive
Trojan
You have been contracted to determine if network activity spikes are related to an attempt by an attacker to breach the network. The customer wants you to identify when the activity of occurs and what type of network traffic clauses the activity what type of schools should you use
Protocol analyzer
Your boss has instructed you to shred some confidential documents. What threat does this mitigate?
Dumpster diving
What port does FTPS use?
Port 989 (and 990).
A proximity card is an example of something a user________________.
Has
You have collected login information, file access information, security log files, and unauthorized security violations. What is this collection known as?
Audit trail
A password would be characterized as something a user___________.
Knows
You perform several wardriving routes in your company’s campus and take note of the large number on of unauthorized devices. What are these devices?
Rogue access points
Users on your network or identified with tickets. What system is being used?
kerberos
NTLM is an improved version of what?
LANMAN
A virus is designed to format a hard drive on a specific day. What kind of threat is this?
Logic bomb
Voice recognition is an example of something a user _______________.
does
Besides applying patches, what is the most important aspect of hardening and operating system.?
Disabling unnecessary services
Users are required to login to the network. They use the smartcard to do so. What type of key does the smartcard use to login to the network.?
Private key
You want to secure down a passing between two points on an IP Network. What method should you use to protect from all but the most sophisticated APT’s?
Transport encryption
Mantraps can be used to prevent what type of social engineering attack?
Tailgating
What is it when an application accepts more input and it was originally expecting?
Buffer overflow
Your organization implement a policy in which accounting staff needs to be crossed trained in various banking software to detect possible fraud. What is this an example of?
Job rotation
Which attack is best described as an attacker capturing part of the communication, and then later sending some or all that communication to a server while pretending to be the original client?
Replay attack
What work is SNMP use?
Port 161 (and 162).
What port is required by an E commerce website server running SSL?
Port 443 (inbound).
Which inbound port must be opened on a server to a allow the user to log in remotely?
3389
What port does syslog use?
Port 514.
What are Bcrypt and PBKDF2 examples of?
Key lengthening software.
You look through some graphic files and discover that confidential information has been encoded into the files. These files are being sent to a sister company outside your organization. What is this an example of?
steganography
You check the application log of your web server and see that someone attempted unsuccessfully to enter the text test; etc/password into an HTML form fields. What attack was attempted?
Command injection
Your boss has asked you to reduce an AP’s Power setting, and place the AP in the center of your building. What reconnaissance method is your boss trying to prevent?
Wardriving
You scan the network and find a counterfeit access point that is using the same SSID as an already existing access point. What is this an example of?
Evil twin.
What is it known as when resources that are not given access are denied default?
Implicit deny
One of your users complains that files are being randomly renamed and deleted. The last action the user talk was to download and install a new screen saver on the computer. The user says that the file activity started immediately after installation of the screen saver what would be the best description for the screensaver?
Trojan horse
The IT director asks you to protect the server’s data from unauthorized access and disclosure. What is this an example of?
Confidentiality
What programming technique can stop buffer overflow attacks?
Input validation.
Your organization uses a type of cryptography that provides that security but uses smaller key sizes and utilizes logarithms that are calculated against a finite field. What type of cryptography does your organization use ?
Elliptic curve.
What is used to validate whether trust is in place and accurate by returning responses of: “good”, “unknown”, or “revoked”?
Online Certificates Status Protocol (OCSP).
What protocol uses port 19?
CHARGEN
You’ve completed the deployment of PKI with a new organization’s network. Legally you’re required to implement a way to provide description keys to a governmental third party on an as needed basis. What should you implement?
Key escrow.
You’re the security of Administrator for the company ABC Accouning, inc. The IT director has given rights to you allowing you to review logs and update Network Devices only. Other rights are given out to the network administrators for the areas that fall within their job description. What kind of access control is this?
Least privilege.
Your LAN is isolated from the Internet by a perimeter network. You suspect that someone is trying to gather information about your LAN. The IT director asks you to gather as much information about the attacker as possible while preventing the attacker from knowing that the attempts has been detected. What is the best method to accomplish this?
Deploy a honeypot in the perimeter network.
What port does RADIUS use?
Port 1812 (and 1813).
The security company you work for has been contracted to discern the security level of a software application. The company building the application has given you the login details, production documentation, a test environment, and the source code. That testing type is present?
White-box testing
You notice that a computer is communicating with an unknown IRC server, and it is also scanning older systems on your network. What threat have you discovered?
Botnet
What transport protocol and port number does Secure Shell use?
TCP (Transmission Control Protocol) Port 22
You and several others in the IT team are deciding on an access control model. The IT director wants to implement the strictest access control model available, ensuring that data is kept as secure as possible. What access control model should you and your IT team use?
Mandatory Access Control
What is software designed to gain admin-level control over a computer system?
Rootkit
What port does LDAP over TLS/SSL use?
Port 636
What port does LDAP use?
Port 389
What enables an attacker to hide the presence of malicious code by altering its Registry entries?
Rootkit
What protocol uses port 53?
DNS
What port does SSL use?
Port 443
You investigate an executive’s laptop to find a system-level kernel module that is modifying the operating system’s functions. What is this an example of?
Rootkit
What is the service provided by message authentication code?
Integrity
A fingerprint is an example of something a user _________.
is
What protocol uses port 514?
Syslog
What protocol makes use of a supplicant authenticator, and authentication server?
802.1X
What social engineering attack relies on impersonation in an attempt to gain personal information?
Phishing