Q&A Flashcards
A company has implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. Which of the following is this an example of? (Select THREE).
A. Federation
B. Two-factor authentication
C. Transitive trust
D. Trusted OS
E. Single sign-on
F. TOTP
G. MAC
A,C,E
A - Federation allows for third party access. You could create a federated network with this method.
C - Transitive trust, because with public keys you need A computer to trust B, B to trust C, and therefore C to trust A.
E - Allows one user to use one set of login credentials across multiple applications. Necessary in this case to improve ease of use.
A security administrator is seeking a secure way to send emails to a subcontractor without requiring user action. Which of the following would BEST provide security between email gateways?
A. SSL
B. PGP
C. HTTPS
D. S/MIME
E. TLS
F.
E
TLS - Transport Layer Security - newer updated SSL. That’s why it’s the answer.
Not S/Mime because that’s for email encryption
Pgp for same reason
Https is internet
SSL standard security link for web browser and server
SSH for operating network services over an unsecured network, again not email
An administrator must change the IP address of the corporate web server. Since this is a critical web server, downtime must be kept to a minimum. To minimize downtime as much as possible, which of the following DNS properties should be changed well before the actual IP change?
A. PTR
B. TTL
C. SRV
D. A
B.
Time to Live. I don’t know why. Find out later.
Ann, a security administrator, needs to implement a transport encryption solution that will enable her to detect attempts to sniff packets. Which of the following could be implemented?
A. Elliptical curve algorithms
B. Ephemeral keys
C. Quantum cryptography
D. Steganography
C
Quantum Cryptography - If you eavesdrop on this type of cryptography it’ll be immediately obvious
A security administrator wants to implement a multi-factor, location-based authentication system. The authentication system must incorporate something unique about each user. Which of the following are user authentication factors that can be used by the system? (Select THREE).
A. IP address
B. Employee ID
C. Username
D. Unique identification number
E. Keyboard timing
F. Password
A,E,F
What you have, what you know, where you are, what you do,
A - IP address where you are
E - Keyboard timing - something you do
F - Password something you know
An organization’s security policy requires secure file transfers to and from internal hosts. An employee is attempting to upload a file using an unsecure method to a Linux-based dedicated file server and fails. Which of the following should the employee use to transfer the file?
A. FTP
B. HTTPS
C. SSL
D. SCP
E. TLS
D
SCP - Secure Copy, uses SSH to send files securely and unattended. Similar to FTPS.
After a private key has been compromised, an administrator realized that downloading a CRL once per day was not effective. The administrator wants to immediately revoke certificates. Which of the following should the administrator investigate?
A. CSR
B. PKI
C. IdP
D. OCSP
D
OCSP - Online Certificate Status Protocol. Used to obtain the revocation status of X.509 digital certificates.
Used instead of CRL because it contains less info and puts less strain on the network.
A network administrator discovers that telnet was enabled on the company’s Human Resources (HR) payroll server and that someone outside the HR subnet has been attempting to log into the server. The network administrator has disabled telnet on the payroll server. Which of the following is a method of tracking attempts to log onto telnet without exposing important telnet data?
A. Banner grabbing
B. Active port monitors
C. Honeypot
D.
B.
Active port monitors. You can see traffic coming on the telnet port (TCP 23).
A security administrator is troubleshooting a network connectivity issue. The administrator believes that a router’s ACL may be blocking network traffic to a remote network. Which of the following, if enabled, would confirm the administrator’s theory by providing helpful feedback?
A. DNS
B. NAT
C. NetBIOS
D. ICMP
D.
ICMP - Internet control message protocol is used for error reporting and testing connectivity between hosts.
A CA is attempting to publicize the acceptable parameters for certificate signing requests. Which of the following should a server administrator use to fulfill the requirements of the CA?
A. Interconnection security agreement
B. Certificate templates
C. Client-side certificates
D. Software token
B.
Certificate templates - Read the question better. Using a certificate template just makes sense here. They are releasing the acceptable parameters. Make a template to fulfill them.
A company uses digital signatures to sign contracts. The company requires external entities to create an account with a third-party digital signature provider and sign an agreement stating they will protect the account from unauthorized access. Which of the following security goals is the company trying to address in the given scenario?
A. Availability
B. Non-repudiation
C. Authentication
D. Confidentiality
E. Due diligence
B.
Non-repudiation - assurance that someone cannot deny something. That’s why they get a signature.
A datacenter has suffered repeated burglaries that lead to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps had been installed to prevent tailgating, the thieves crashed through the wall of the datacenter with a vehicle after normal business hours. Which of the following options could further improve the physical safety and security of the datacenter? (Select TWO).
A. Cipher locks
B. CCTV
C. Escape routes
D. K-rated fencing
E. FM200 fire suppression
Really read the questions, man. This one is C,D
C - Escape routes. Key words here were improve the safety. ouch.
D - K rated fencing, already made sense.
The content of a document that is routinely used by several employees and contains confidential information has been changed. While investigating the issue, it is discovered that payment information for all the company’s clients has been removed from the document. Which of the following could be used to determine who changed the information?
A. Audit logs
B. Server baseline
C. Document hashing
D. Change management
A. Audit Logs
Audit logs will show who accessed the data. Change management wouldn’t be under suspicious circumstances.
An organization experienced a fire at its datacenter and was unable to operate at that location. The company moved to a location where HVAC and power are available, but must supply and configure its own computing resources in order to provide services. The company has relocated to a:
A. hot site
B. co-location site
C. warm site
D. cold site
D. Cold site
Cold site - Alternate location that is not actively online. Infrastructure must be installed and configured.
Hot site - Active location that has redundant systems with current data. Very expensive.
Warm site - In-between option. Has some infrastructure up and running (racks, power, HVAC) but need to copy over data.
A penetration tester is attempting to determine the operating system of a remote host. Which of the following will provide this information?
A. Protocol analyzer
B. Honeypot
C. Fuzzer
D. Banner grabbing
D.
Banner grabbing is usually used to find out what ports are open, but I guess it can also be used for finding out the OS of a remote host.
A company is providing mobile devices to all its employees. The system administrator has been tasked with providing input for the company’s new mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select TWO)
A. Transitive trust
B. Asset tracking
C. Remote wiping
D. HSM
E. Key management
C,E
Remote wiping - obvious; if a device is stolen, a secure policy is to wipe it.
Key management - should have public/private keys for mobile devices as well. Moreover, no other answers make sense.
An organization that uses a cloud infrastructure to present a payment portal is using:
A. software as a service
B. platform as a service
C. monitoring as a service
D. infrastructure as a service
A.
Should’ve got this one, but it happens. Was tempted by platform even though a payment portal is purely software.
A network administrator is in the process of developing a new network security infrastructure. One of the requirements for the new system is the ability to perform advanced authentication, authorization, and accounting. Which of the following technologies BEST meets the stated requirement?
A. Kerberos
B. SAML
C. TACACS+
D. LDAPS
C. TACACS+
Newest tech, developed by the military. Very secure. Still somewhat of a guess, probably need further research.
A recent policy change at an organization requires that all remote access connections to and from file servers at remote locations must be encrypted. Which of the following protocols would accomplish this new objective? (Select TWO).
A. TFTP
B. SSH
C. FTP
D. RDP
E. HTTP
B,D
TFTP is not right, that’s Trivial File Transfer Protocol. Very insecure.
SSH - Secure Shell, definitely encrypted.
RDP - Remote Desktop Protocol. Encrypted, but the wording threw me off.
In order to establish a connection to a server using secure LDAP, which of the following must be installed on the client?
A. Server public key
B. Subject alternative names certificate
C. CA anchor of trust
D. Certificate signing request
A.
Lightweight Directory Access Protocol. Secure LDAP goes over port 636 and uses SSL/TLS.
Makes sense to need a public key, but this one is a little confusing.
A security administrator receives an IDS alert that a single internal IP address is connecting to several known malicious command and control domains. The administrator connects to the switch and adds a MAC filter to Port 18 to block the system from the network.

BEFORE                              AFTER
MAC Address      VLAN   Port        MAC Address      VLAN   Port
67A7.353B.5064   101    4           67A7.353B.5064   101    4
7055.4961.1F33   100    9           7055.4961.1F33   100    9
0046.6416.5809   101    21          0046.6416.5809   101    21
7027.0108.31B5   100    16          7027.0108.31B5   100    16
5243.6353.7720   101    6           5243.6353.7720   101    6
1484.A471.6542   100    2           1484.A471.6542   100    2
80C7.8669.5845   101    7           80C7.8669.5845   101    7
7513.77B9.4130   101    18          0046.6419.5809   101    18
5A77.1816.3859   101    19          5A77.1816.3859   101    19
8294.7E31.3270   100    8           8294.7E31.3270   100    8

A few minutes later, the same malicious traffic starts again from a different IP. Which of the following is the MOST likely reason that the system was able to bypass the administrator’s MAC filter?
A. The system is now ARP spoofing a device on the switch.
B. The system is now VLAN hopping to bypass the switch port MAC filter.
C. The system is now spoofing a MAC address.
D. The system is now connecting to the switch.
C.
That’s how you would get past a MAC filter.
A company has classified the following database records:

OBJECT                CONFIDENTIALITY   INTEGRITY   AVAILABILITY
First Name            LOW               MEDIUM      LOW
Last Name             LOW               MEDIUM      LOW
Address               MEDIUM            HIGH        LOW
Bank Account Number   HIGH              HIGH        MEDIUM
Credit Card Number    HIGH              HIGH        MEDIUM

Which of the following is a management control the company can implement to increase the security of the above information with respect to confidentiality?
A. Implement a client based software filter to prevent some employees from viewing confidential information.
B. Use privacy screen on all computers handling and displaying sensitive information.
C. Encrypt the records which have a classification of HIGH in the confidentiality column.
D. Disseminate the data classification table to all employees and provide training on data disclosure.
D.
Not sure how to learn this one. I think the key word is management control, meaning training employees, as encrypting data or the other options aren’t a management control.
Which of the following remote authentication methods uses a reliable transport layer protocol for communication?
A. RADIUS
B. LDAP
C. TACACS+
D. SAML
C
TACACS+ uses TCP (port 49). This is more secure than RADIUS because the entire communication is encrypted.
More importantly, it’s more reliable because it is connection-oriented, unlike UDP, which RADIUS uses.
During a recent audit, it was discovered that the employee who deploys patches also approves the patches. The audit found there is no documentation supporting the patch management process, and there is no formal vetting of installed patches. Which of the following controls should be implemented to mitigate this risk? (Select TWO).
A. IT contingency planning
B. Change management policy
C. Least privilege
D. Separation of duties
E. Dual control
F. Mandatory job rotation
B,D
Change management policy, makes sense as there was no policy for that in place. It’s a necessary component to this situation.
Separation of duties - the guy who deploys patches shouldn’t approve them as well. Not ideal.
Which of the following should be used to implement voice encryption?
A. SSLv3
B. VDSL
C. SRTP
D. VoIP
C.
SRTP: The Secure Real-time Transport Protocol. The PowerSec supports the use of SRTP media encryption (RFC 3711). … Each voice call needs two encryption keys.
Not familiar with any of these except D. but now I know. SRTP can encrypt VoIP.
Which of the following types of attacks are MOST likely to be successful when using fuzzing against an executable program? (Select TWO).
A. SQL injection
B. Session hijacking
C. Integer overflow
D. Buffer overflow
E. Header manipulation
A,D
Fuzzing is throwing random data at an application in an attempt to crash it or find a vulnerability.
SQL injection I suppose could be used in this case. Throwing random SQL queries in an attempt to break or breach the app.
Buffer Overflow is writing more data than the buffer can handle. Nice. That’s a fuzzing attack in a nutshell.
A security administrator has detected the following pattern in a TCP packet: URG=1, ACK=1, PSH=1, RST=1, SYN=1, FIN=1. Which of the following attacks is this an example of?
A. Replay
B. Spoofing
C. Xmas
D. DDoS
C.
Xmas - Lighting up the network. Trying to fingerprint the system or map it. TCP Header information looks like that when it’s been lit up. It’s either a 1 or a 0.
The network engineer for an organization intends to use certificate-based 802.1X authentication on a network. The engineer’s organization has an existing PKI that is used to issue server and user certificates. The PKI is currently not configured to support the issuance of 802.1X certificates. Which of the following represents an item the engineer MUST configure?
A. OCSP responder
B. Web enrollment portal
C. Symmetric cryptography
D. Certificate extension
D.
Another one where a guess is in order. An extension makes sense, and the other answers really don’t. Just respect the wording. Ask yourself what makes the most sense.
Which of the following network design components would assist in separating network traffic based on the logical location of users?
A. IPSec
B. NAC
C. VLAN
D. DMZ
D.
DMZ. None of the others are really location based. Used to provide public facing resources. That’s the logical separation I guess. They are outside of the network and want to come in.
A server administrator is investigating a breach and determines that an attacker modified the application log to obfuscate the attack vector. During the lessons learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement?
A. Host-based IDS
B. Automated log analysis
C. Enterprise SIEM
D. Real-time event correlation
C.
Enterprise SIEM (Security Information and Event Management) would be the most effective. Really just needed to know the acronym.
A security administrator wants to implement a system that will allow the organization to quickly and securely recover from a computer breach. The security administrator notices that the majority of malware infections are caused by zero-day armored viruses and rootkits. Which of the following solutions should the system administrator implement?
A. Install an antivirus solution that provides HIPS capabilities.
B. Implement a thick-client model with local snapshots.
C. Deploy an enterprise patch management system.
D. Enable the host-based firewall and remove users’ administrative rights.
A.
HIPS antivirus would work here. C would patch zero days but might not offer protection against rootkits? I’m not sure but A would work.
After Ann arrives at the company’s co-location facility, she determines that she is unable to access the cage that holds the company’s equipment after a co-worker updated the key card server the night before. This is an example of failure of which of the following?
A. Testing controls
B. Access signatures
C. Fault tolerance
D. Non-repudiation
READ THE QUESTION. A.
It wasn’t tested properly that was the failure. Duh.
Which of the following attack types is MOST likely to cause damage or data loss for an organization and be difficult to investigate?
A. Man-in-the-middle
B. Spoofing
C. DDoS
D. Malicious insider
D.
Malicious insider would be hardest to catch because they have internal knowledge of security systems.
An administrator is reviewing the logs for a content management system that supports the organization’s public-facing website. The administrator is concerned about the number of attempted login failures from other countries for administrator accounts. Which of the following capabilities is BEST to implement if the administrator wants the system to dynamically react to such attacks?
A. Netflow-based rate limiting
B. Disable generic administrative accounts
C. Automated log analysis
D. Intrusion prevention system
A. Netflow Based rate limiting.
Don’t know why.
A system administrator wants to ensure that only authorized devices can connect to the wired and wireless corporate system. Unauthorized devices should automatically be placed on a guest network. Which of the following MUST be implemented to support these requirements? (Select TWO).
A. Port security
B. 802.1X
C. Proxy
D. VLAN
E. NAT
B,D
802.1X is a way to authenticate anyone plugging a Cat6 cable into the network.
VLAN is the separation of networks, and port security, the one you picked, is the same as 802.1X.
Which of the following network configurations provides security analysts with the MOST information regarding threats, while minimizing the risk to internal corporate assets?
A. Configuring the wireless access point to be unencrypted
B. Increasing the logging level of internal corporate devices
C. Allowing inbound traffic to a honeypot on the corporate LAN
D. Placing a NIDS between the corporate firewall and ISP
D.
A honeypot would be too revealing to corporate resources. A NIDS would allow the administrator to note threats without actually letting them touch the network.
A network administrator would like to implement a wireless solution that uses a very high performance stream cipher encryption protocol. Which of the following solutions should the administrator implement to meet this goal?
A. EAP-TLS
B. WPA2 Enterprise
C. WEP
D. CCMP
C.
WEP is a STREAM cipher while WPA2 is a BLOCK cipher. Key distinction.
A security manager is required to protect the disclosure of sensitive data stored on laptops and mobile devices while users are traveling. Users are required to connect via VPN to the company’s network and are also issued cable locks. Which of the following should the security manager implement to further secure the data? (Select TWO).
A. Screen locks
B. Remote wipe
C. One-time tokens
D. BIOS password
E. Full-disk encryption
B,E
Full disk encryption would keep the data safe. VPN connection made me think one time tokens for some reason.
A company needs to ensure that employees that are on vacation or leave cannot access network resources, while still retaining the ability to receive emails in their inboxes. Which of the following will allow the company to achieve this goal?
A. Set up an email alias
B. Remove user privileges
C. Install an SMTP proxy server
D. Reset user passwords
A
Not sure what an email alias is.
A security administrator creates separate VLANs for employee devices and HVAC equipment that is network attached. Which of the following are security reasons for this design? (Select THREE).
A. IDS often requires network segmentation of HVAC endpoints for better reporting.
B. Broadcasts from HVAC equipment will be confined to their own network segment.
C. HVAC equipment can be isolated from compromised employee workstations.
D. VLANs are providing loop protection for the HVAC devices.
E. Access to and from the HVAC equipment can be more easily controlled.
F. Employee devices often interfere with proper functioning of HVAC devices.
B,C,E
Not sure. Maybe rewatch HVAC chapter.
The firewall administrator is installing a VPN application and must allow GRE through the firewall. Which of the following MUST the administrator allow through the firewall?
A. IPSec
B. IP protocol 47
C. IP protocol 50
D. IP protocol 51
B.
Internet protocol 47 is the GRE protocol. Nice.
A security administrator recently implemented IPSec for remote users. Which of the following ports must be allowed through the firewall in order for remote access to be successful if the tunneling protocol is PPTP?
A. UDP 500
B. UDP 1723
C. TCP 1723
D. TCP 4500
C.
That’s the port for the tunneling protocol PPTP (Point-to-Point Tunneling Protocol).
An organization received a subpoena requesting access to data that resides on an employee’s computer. The organization uses PKI. Which of the following is the BEST way to comply with the request?
A. Certificate authority
B. Public key
C. Key escrow
D. Registration authority
E. Key recovery agent
D.
You would need help getting the private key. Hence the answer.
A system administrator decided to perform maintenance on a production server servicing retail store operations. The system rebooted in the middle of the day due to the installation of monthly operating system patches. The downtime results in lost revenue due to the system being unavailable. Which of the following would reduce the likelihood of this issue occurring again?
A. Routine system auditing
B. Change management controls
C. Business continuity planning
D. Data loss prevention implementation
B
production change bad
A network technician needs to pass traffic from the company’s external IP address to a front-end mail server in the DMZ without exposing the IP address of the mail server to the external network. Which of the following should the network technician use?
A. NAT
B. SMTP
C. NAC
D. SSH
E. TLS
A.
Network address translation would help with not exposing the IP. Make the corporate IP into a public IP.
A malicious insider is using an ARP spoofing tool to impersonate the gateway router. Which of the following attack types is the malicious insider implementing?
A. Man-in-the-middle attack.
B. IP spoofing attack.
C. DNS poisoning and redirect attack.
D. Replay attack.
A.
Rewatch man in the middle attack.
A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.
A company has recently won a classified government contract involving both confidential and restricted information. To ensure proper authorization for authenticated users and restrict unauthorized users from accessing information above their clearance, the company should establish:
A. discretionary access control.
B. mandatory access control.
C. rule-based access control.
D. role-based access control.
B. Read it twice.
A security administrator determined that the time required to brute force 90% of the company’s password hashes is below the acceptable threshold. Which of the following, if implemented, has the GREATEST impact in bringing this time above the acceptable threshold?
A. Use a shadow password file.
B. Increase the number of PBKDF2 iterations.
C. Change the algorithm used to salt all passwords.
D. Use a stronger hashing algorithm for password storage.
B
To increase the security of your master password, LastPass utilizes a stronger-than-typical version of Password-Based Key Derivation Function (PBKDF2). At its most basic, PBKDF2 is a “password-strengthening algorithm” that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack.
A company is planning to encrypt the files in several sensitive directories of a file server with an asymmetric key. Which of the following could be used?
A. AES
B. RSA
C. ECC
D. 3DES
E. MD5
B
RSA was first described in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman of the Massachusetts Institute of Technology. Public-key cryptography, also known as asymmetric cryptography, uses two different but mathematically linked keys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. In RSA cryptography, both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it.
A security administrator has deployed five additional copies of the same virtualized Linux server to distribute the load of web traffic on the original server. Which of the following should the administrator do to help security harden these new systems? (Select TWO).
A. Configure for dual factor authentication
B. Team/Bond network adapters
C. Add virtual machine software extensions
D. Deploy unique public keys to each virtual server
E. Disable HTTP protocols
F. Generate new SSH keys
D,F
Need keys to be secure. Not sure about generating new secure shell keys though. Most of this does not make sense.
An assessment team is conducting a vulnerability scan of an organization’s database servers. During the configuration of the vulnerability scanner, the lead assessor only configures the parameter of the database servers’ IP range, and then runs the vulnerability scanner. Which of the following scan types is being run on the database servers?
A. Intrusive
B. Ping sweep
C. Non-credentialed
D. Offline
C
Non-credentialed is the type. No logins involved which would be intrusive and he is not just pinging the systems. Also not offline.
Ann, a network security engineer, is trying to harden her wireless network. Currently, users are able to connect any device to the wireless network as long as they authenticate with their network username and password. She is concerned that devices that are not company-issued may gain unauthorized access. Which of the following techniques would be BEST suited to remediate this vulnerability? (Select TWO).
A. Utilize a single service account, only known by IT, to authenticate all devices
B. Install separate access points for personal devices
C. Install an IPS to protect the network from rogue devices
D. Filter the MAC addresses of all unknown devices on the wireless controller
E. server to authenticate via computer end user
D, E
A security administrator, believing it to be a security risk, disables IGMP snooping on a switch. This breaks a video application. The application is MOST likely using:
A. RTP.
B. multicast.
C. anycast.
D. VoIP.
B
The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IPv4 networks to establish multicast group memberships. IGMP is an integral part of IP multicas
An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified, resulting in the breach?
A. NAT
B. IDS
C. CRL
D. VPN
D
VPN is configured for outside access. If it was configured improperly it would allow outsiders access.
A healthcare organization is in the process of building and deploying a new web server in the DMZ that will enable public Internet users the ability to securely send and receive messages from their primary care physicians. Which of the following should the security administrator consider?
A. An in-band method for key exchange and an out-of-band method for the session
B. An out-of-band method for key exchange and an in-band method for the session
C. A symmetric algorithm for key exchange and an asymmetric algorithm for the session
D. An asymmetric algorithm for key exchange and a symmetric algorithm for the session
D
A security specialist has implemented antivirus software and whitelisting controls to prevent malware and unauthorized application installation on the company systems. The combination of these two technologies is an example of which of the following?
A. Defense in depth
B. Vulnerability scanning
C. Application hardening
D. Anti-malware
A
Defense in depth. Research topic.
An administrator needs to deploy a new SSL wildcard certificate to three different web servers. Which of the following MUST be taken into consideration? (Select TWO).
A. The fingerprint on the certificate
B. The CRL URL of the certificate
C. Intermediate CA(s) that may need to be added
D. File format needed by the target platform
E. The CSR that was used to request the certificate
F. The OU field on the certificate
C,F
Need to rewatch some certificate stuff.
Which of the following social engineering attacks would describe a situation where an attacker calls an employee while impersonating a corporate executive?
A. Vishing
B. Phishing
C. Whaling
D. Pharming
A.
Strange thing to need to know but:
the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.
A research user needs to transfer multiple terabytes of data across a network. The data is not confidential, so for performance reasons, does not need to be encrypted. However, the authentication process must be confidential. Which of the following is the BEST solution to satisfy these requirements?
A. Secured LDAP
B. Kerberized FTP
C. SCP
D. SAML 2.0
B.
What?
One of the driving factors towards moving an application to a cloud infrastructure is increased application availability. In the case where a company creates a private cloud, the risk of application downtime is being:
A. transferred.
B. avoided.
C. mitigated.
D. accepted.
C
I could see why it’s mitigated.
Several computers in an organization are running below the normal performance baseline. A security administrator inspects the computers and finds the following pieces of information:
– Several users have uninstalled the antivirus software
– Some users have installed unauthorized software
– Several users have installed pirated software
– Some computers have had automatic updating disabled after being deployed
– Users have experienced slow responsiveness when using the Internet browser
– Users have complete control over critical system properties
Which of the following solutions would have prevented these issues from occurring? (Select TWO).
A. Using snapshots to revert unwanted user changes
B. Using an IPS instead of an antivirus
C. Placing users in appropriate security groups
D. Disabling unnecessary services
E. Utilizing an application whitelist
F. Utilizing an application blacklist
C,E
An administrator must select an algorithm for creating hashes of critical system files in order to later detect any unauthorized changes. Which of the following could the administrator use? (Select TWO).
A. 3DES
B. Diffie-Hellman
C. CHAP
D. RIPEMD
E. RSA
F. AES-256
G. SHA-512
D,G
A retired employee did not return a company issued mobile device and may have company data on the device. Which of the following portions of the company’s mobile device management solution could be used together to remove the company data from the employee’s device? (Select TWO)
A. Full device encryption
B. Application whitelisting
C. Asset tracking
D. Remote wiping
E. Storage segmentation
F. Inventory control
D,E
Remote wiping makes sense here.
A manager is reviewing bids for Internet service in support of a new corporate office location. The location will provide 24-hour service to the organization’s global
user population. In which of the following documents would the manager MOST likely find quantitative data regarding latency levels and MTTR?
A.
ISA
B.
SLA
C.
MOU
D.
BPA
B
What do all these mean besides service level agreement?
An attacker has breached multiple lines of information security defense. Which of the following BEST describes why delayed containment would be dangerous?
A.
The attacker could be blocked by the NIPS before enough forensic data can be collected.
B.
The attacker could erase all evidence of how they compromised the network.
C.
The attacker could cease all attack activities making forensics more difficult.
D.
The attacker could escalate unauthorized access or compromise other systems
D
Just read all the answers.
A recent regulatory audit discovers a large number of former employees with active accounts. Terminated users are removed from the HR system but not from
Active Directory. Which of the following processes would close the gap identified?
A.
Send a recurring email to managers with a link to IT Security policies.
B.
Perform routine audits against the HR system and Active Directory.
C.
Set an account expiration date for all Active Directory accounts to expire annually.
D.
Conduct permissions reviews in Active Directory for group membership.
B
After responding to a virus detection notification, a security technician has been tasked with discovering how the virus was downloaded to the client computer.
Which of the following would BEST provide the technician with information related to the attack vector?
A.
Vulnerability scanning logs
B.
NIPS alerts
C.
Surveillance videos
D.
Proxy logs
D
An old 802.11b wireless bridge must be configured to provide confidentiality of data in transit to include the MAC addresses of communicating end users. Which of
the following can be implemented to meet this requirement?
A.
MSCHAPv2
B.
WPA2
C.
WEP
D.
IPSec
D.
Why?
An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website, but instead connects to an attacker
who is performing a man-in-the-middle attack. Which of the following should employees do to mitigate the vulnerability described in the scenario?
A.
Connect to a VPN when using public wireless networks
B.
Only connect to WPA2 networks regardless of whether the network is public or private
C.
Ensure a host-based firewall is installed and running when using public wireless networks
D.
Check the address in the web browser before entering credentials
D
An administrator installs a system that sends an SMS message containing a password recovery token to a user’s mobile device. Which of the following should also
be deployed to prevent accounts from being compromised?
A.
Password reuse limits
B.
Secure SMS gateway
C.
One-time token authentication
D.
Mobile device management
B
During a recent network audit, several devices on the internal network were found not running antivirus or HIPS. Upon further investigation, it was found that these
devices were new laptops that were deployed without having the end-point protection suite used by the company installed. Which of the following could be used to
mitigate the risk of authorized devices that are unprotected residing on the network?
A.
Host-based firewall
B.
Network-based IPS
C.
Centralized end-point management
D.
MAC filtering
C
A recent counter threat intelligence notification states that companies should review indicators of compromise on all systems. The notification stated that the
presence of a win32.dll was an identifier of a compromised system. A scan of the network reveals that all systems have this file. Which of the following should the
security analyst perform FIRST to determine if the files collected are part of the threat intelligence?
A.
Quarantine the file on each machine.
B.
Take a full system image of each machine.
C.
Take hashes of the files found for verification.
D.
Verify the time and date of the files found.
C
Check the hash to verify it’s all the same file.
An IDS analyst, while reviewing a TCPDUMP file, concluded the traffic was a benign email correspondence. The presence and use of which of the following ports
confirms this assumption?
A.
22
B.
25
C.
53
D.
80
B
SMTP: Simple Mail Transfer Protocol. I guess that’s secure in this case. That runs on port 23.
A system administrator is configuring a site-to-site IPSec VPN tunnel. Which of the following should be configured on the VPN concentrator for payload encryption?
A.
ECDHE
B.
SHA256
C.
HTTPS
D.
3DES
D
What’s 3DES?
During a recent audit, it was discovered that several database services were running with local user accounts named “admin” and “dbadmin”. Which of the following
controls will prevent network administrators from using these types of usernames for services in the future? (Select TWO)
A.
Use shared account policies
B.
Prohibit generic or default accounts
C.
Perform continuous access monitoring
D.
Perform user account access reviews
E.
Require dedicated service accounts
B,E
A major banking institution has been the victim of recurring, widespread fraud. The fraud has all occurred on the bank’s web portal. Recently, the bank implemented
a requirement for all users to obtain credentials in person at a physical office. However, this has not reduced the amount of fraud against legitimate customers.
Based on a review of the logs, most fraudulent transactions appear to be conducted with authentic credentials. Which of the following controls should be
strengthened to reduce the fraud through the website?
A.
Authentication
B.
DAC
C.
Identification
D.
Authorization
D
The network administrator sees a “%CAM-TABLE-FULL” message on a network switch. Upon investigation, the administrator notices thousands of MAC addresses
associated with a single untagged port. Which of the following should be implemented to prevent this type of attack?
A.
Port security
B.
BPDU guard
C.
802.1X
D.
TACACS+
C
Because it filters MAC addresses.
A security administrator has implemented a series of computers to research possible intrusions into the organizational network, and to determine the motives as
well as the tool used by malicious entities. Which of the following has the security administrator implemented?
A.
Honeypot
B.
DMZ
C.
Honeynet
D.
VLANs
C.
Honeynet vs honeypot is key here.
A Chief Information Officer (CIO) is working with his staff to develop a contingency plan for the organization. Which of the following steps should the CIO and his
staff take FIRST?
A.
Review the company’s risk assessment
B.
Perform a business impact analysis
C.
Create contingency strategies
D.
Develop the contingency plan policy statement
A
Which of the following types of malware can avoid detection by an antivirus system with up-to-date signatures?
A.
Trojan
B.
Backdoor
C.
Polymorphic
D.
Armored
D
An auditor is reviewing the following logs from the company’s proxy server used to store both sensitive and public documents. The documents are edited via a client
web interface and all processing is performed on the server side.
http://www.documents-portal.com/editdoc.php?document1=this%20is%20the%20content%20of%20document1
http://www.documents-portal.com/editdoc.php?document2=this%20is%20the%20content%20of%20document2
http://www.documents-portal.com/editdoc.php?document3=this%20is%20the%20content%20of%20document3
A.
Two-factor authentication should be implemented for sensitive documents.
B.
Sensitive documents should be signed using enterprise PKI.
C.
Encryption should be implemented at the transport level.
D.
Document hashing should be done to preserve document integrity.
C
A web server at an organization has been the target of distributed denial of service attacks. Which of the following, if correctly configured, would BEST mitigate
these and future attacks?
A.
SYN cookies
B.
Implicit deny
C.
Blacklisting
D.
URL filter
A
After a wireless security breach, the network administrator discovers the tool used to break into the network. Using a brute force attack, the tool is able to obtain the
wireless password in less than 11,000 attempts. Which of the following should be disabled to prevent this type of attack in the future?
A.
WPS
B.
WEP
C.
WIPS
D.
WPA2-PSK
A
Which of the following is an administrative control used to reduce tailgating?
A.
Delivering security training
B.
Erecting a fence
C.
Implementing magnetic locks on doors
D.
Installing a mantrap
A
Administrative controls.
A system administrator is troubleshooting an issue affecting some FTP connections. Some employees are unable to upload or download files, although the firewall
is allowing the default FTP port. Which of the following can the administrator do to fix this issue?
A.
Disable the use of PASV in the FTP client
B.
Configure all FTP clients to use BIN transfer
C.
Enable inbound TCP port 20 on the firewall
D.
Enable both port 21 and 22 on the firewall
A
A PKI architect is implementing a corporate enterprise solution. The solution must incorporate key escrow and recovery agents, as well as a tiered architecture.
Which of the following is required to implement the architecture correctly?
A.
Certificate revocation list
B.
Strong ciphers
C.
Intermediate authorities
D.
IPSec between CAs
C
A security administrator has been asked to assist with the identification of a BYOD design that will ensure corporate data can be managed and monitored separately
from personal data. Which of the following would the security administrator recommend?
A.
Full device encryption
B.
Application control
C.
Key management
D.
Containerization
D
A systems administrator is working with a third party to establish the automated transfer of large amounts of proprietary data. The interface will need to use secured
credentials and the transmission will consist of data that has been encrypted prior to transit and needs no additional protection. Which of the following would be the
MOST efficient method of data transmission given the established requirements?
A.
SSH
B.
TFTP
C.
FTP
D.
FTPS
A
A high traffic website is experiencing numerous brute force attacks against its user base. The attackers are using a very large botnet to carry out the attack. As a
result, many users’ passwords are being compromised. Which of the following actions is appropriate for the website administrator to take in order to reduce the
threat from this type of attack in the future?
A.
Temporarily ban each IP address after five failed login attempts
B.
Prevent users from using dictionary words that they have used before.
C.
Prevent users from using passwords they have used before.
D.
Require user passwords to be at least ten characters in length
D
A security auditor has full knowledge of company configuration and equipment. The auditor performs a test on the network, resulting in an exploitation of a zero-day
vulnerability.
A.
Grey box test
B.
Vulnerability scan
C.
Black box test
D.
Penetration test
D
The border firewall rules were recently modified by a network administrator to allow access to a new service on Server 1 using the default HTTPS port. When testing
the new rules internal to the company network there are no issues, but when testing from an external connection it does not work. The host running the service
does not receive external packets. Other services hosted on Server 1 are responding fine to both internal and external connection attempts. Which of the
following is MOST likely configured improperly?
A.
Network access control lists
B.
802.1x
C.
Port security
D.
Implicit deny
A
The Chief Security Officer (CSO) is concerned with unauthorized access at the company’s off-site datacenter. The CSO would like to enhance the security posture
of the datacenter. Which of the following would BEST prevent unauthorized individuals from gaining access to the datacenter?
A.
Security guard
B.
Video monitoring
C.
Magnetic entry cards
D.
Fencing
A
Which of the following is MOST effective at cracking hashed passwords?
A.
Rainbow tables
B.
Dictionary attack
C.
Birthday attack
D.
Brute force attack
A
An enterprise needs to be able to receive files that contain PII from many customers at different times. The data must remain encrypted during transport and while
at rest. Which of the following encryption solutions would meet both of these requirements?
A.
PGP
B.
SCP
C.
SSL
D.
TLS
A
A company provides wireless access for employees and a guest wireless network for visitors. The employee wireless network is encrypted and requires a
password. The guest wireless network does not use an encrypted connection and does not require a password. An administrator walks by a visitor’s laptop and
notices the following command line output:
reaver -i mon -b 7a:E5:9A:42:2C:C1 -vv
Starting...
[+] Trying pin 12345678
[+] 93.41% complete @ 2015-01-10 10:30:21 (15 seconds)
[!] WARNING: 10 failed connections in a row
[+] Trying pin 12345688
…
Which of the following should the administrator implement and why?
A.
Initiate employee password changes because the visitor has captured passwords and is attempting offline cracking of those passwords.
B.
Implement two-factor wireless authentication because the visitor will eventually brute force the network key.
C.
Apply WPA or WPA2 encryption because the visitor is trying to crack the employee network that is encrypted with WEP.
D.
Disable WPS because the visitor is trying to crack the employee network.
E.
Apply MAC filtering because the visitor already has the network password.
D
A firewall administrator has been instructed to block common Microsoft file sharing ports due to a recent malware outbreak. Which of the following ports should be
blocked by the firewall? (Select TWO).
A.
TCP/137
B.
UDP/137
C.
TCP/139
D.
UDP/139
E.
TCP/443
F.
UDP/443
G.
TCP/445
H.
UDP/445
C,G
http://www.thewindowsclub.com/smb-port-what-is-port-445-port-139-used-for
A company hosts sites for multiple vendors and provides information to users globally. Which of the following is a critical security consideration in this environment?
A.
Proxy servers to enforce a single access mechanism to the data warehouse
B.
Firewalls to ensure that the data warehouse is not accessible to the Internet
C.
Access controls to prevent users from accessing the entire data warehouse
D.
Query protocols should use non-standard ports to protect user result-sets
C
A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols
would BEST facilitate secure file transfers? (Select TWO).
A.
SCP
B.
TFTP
C.
SNMP
D.
FTP
E.
SMTP
F.
FTPS
A,F