Sec+ 601 study guide Part 7 Flashcards

1
Q

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

No.   Time       Source             Destination  Protocol  Length  Info
1234  9.1195665  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0
1234  9.1265649  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0
1234  9.2223212  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0

Which of the following attacks does the analyst MOST likely see in this packet capture?
A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning

A

B. Evil twin

2
Q

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

A. An ARO
B. An MOU
C. An SLA
D. A BPA

A

C. An SLA

3
Q

Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly.

Which of the following should the security administrator consider implementing to address this issue?

A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls

A

B. Application whitelisting

4
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
– Mobile device OSs must be patched up to the latest release.
– A screen lock must be enabled (passcode or biometric).
– Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Choose two.)

A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

A

C. Posturing

D. Remote wipe

5
Q

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached.

Which of the following would BEST address this security concern?

A. Install a smart meter on the staff WiFi.
B. Place the environmental systems in the same DHCP scope as the staff WiFi.
C. Implement Zigbee on the staff WiFi access points.
D. Segment the staff WiFi network from the environmental systems network.

A

D. Segment the staff WiFi network from the environmental systems network.

6
Q

A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

A. OSINT
B. SIEM
C. CVSS
D. CVE

A

D. CVE

7
Q

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent the exfiltration of data? (Choose two.)

A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA

A

B. Drive encryption

E. USB blocker

8
Q

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself.

Which of the following is the WEAKEST design element?

A. The DLP appliance should be integrated into a NGFW
B. Split-tunnel connections can negatively impact the DLP appliance’s performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections

A

C. Encrypted VPN traffic will not be inspected when entering or leaving the network

9
Q

After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company.

Which of the following risk management strategies is the manager adopting?

A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk mitigation

A

C. Risk transference

10
Q

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing.

Which of the following techniques BEST explains this action?

A. Predictability
B. Key stretching
C. Salting
D. Hashing

A

C. Salting

11
Q

A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.

Which of the following would be BEST for the security manager to use in a threat model?

A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats

A

A. Hacktivists

12
Q

The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration.

Which of the following would MOST likely cause a data breach?

A. Lack of input validation
B. Open permissions
C. Unsecure protocol
D. Missing patches

A

C. Unsecure protocol

13
Q

A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.

Which of the following would address the CSO’s concerns?

A. SPF
B. DMARC
C. SSL
D. DKIM
E. TLS

A

E. TLS

14
Q

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers.

Which of the following frameworks should the management team follow?

A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27032 Cybersecurity Guidelines
D. General Data Protection Regulation

A

C. ISO/IEC 27032 Cybersecurity Guidelines

15
Q

An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.

Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

A. Using geographic diversity to have VPN terminations closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher-bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators

A

B. Utilizing split tunneling so only traffic for corporate resources is encrypted

16
Q

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports.

Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)

A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin

A

B. SNMPv2, SNMPv3
C. HTTP, HTTPS
F. Telnet, SSH

17
Q

A security analyst is reviewing output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=087646958&amount=500000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=087646958&amount=5000000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=087646958&amount=1000000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=087646958&amount=500 HTTP/1.1

Which of the following types of attack is MOST likely being conducted?

A. SQLi
B. CSRF
C. Session replay
D. API

A

B. CSRF

18
Q

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review.

Which of the following did the administrator MOST likely configure that will assist the investigators?

A. Memory dumps
B. The syslog server
C. The application log
D. The log retention policy

A

D. The log retention policy

19
Q

The following are the logs of a successful attack:

[DATA] attacking service ftp on port 21
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "p@55w0rd"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "AcCe55"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "All0w!"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "FTPL0gin!"
[ATTEMPT] 09:00:01 UTC target 192.168.50.1 - login "admin" - pass "L3tM31N!"
[21][ftp] host: 192.168.50.1 login: admin password: L3tM31N!
1 of 1 target successfully completed, 1 valid password found in <1 second

Which of the following controls would be BEST to use to prevent such a breach in the future?

A. Password history
B. Account expiration
C. Password complexity
D. Account lockout

A

C. Password complexity

20
Q

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members.

Which of the following should the administrator attempt?

A. DAC
B. ABAC
C. SCAP
D. SOAR

A

D. SOAR

21
Q

A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed.

Which of the following is required to assess the vulnerabilities resident in the application?

A. Repository transaction logs
B. Common Vulnerabilities and Exposures
C. Static code analysis
D. Non-credentialed scans

A

B. Common Vulnerabilities and Exposures

22
Q

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string.

Which of the following would be BEST to use to accomplish this task? (Choose two.)

A. head
B. tcpdump
C. grep
D. tail
E. curl
F. openssl
G. dd

A

A. head

B. tcpdump

23
Q

A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Choose two.)

A. DNSSEC
B. Reverse proxy
C. VPN concentrator
D. PKI
E. Active Directory
F. RADIUS

A

D. PKI

F. RADIUS

24
Q

A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?

A. Visitor logs
B. Cable locks
C. Guards
D. Disk encryption
E. Motion detection

A

B. Cable locks

25
Q

Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?

A. Something you exhibit
B. Something you can do
C. Something you know
D. Somewhere you are

A

D. Somewhere you are

26
Q

A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

A. Port
B. Intrusive
C. Host discovery
D. Credentialed

A

D. Credentialed

27
Q

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil.

Which of the following account policies would BEST prevent this type of attack?

A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing

A

B. Impossible travel time

28
Q

A network administrator has been asked to design a solution to improve a company’s security posture. The administrator is given the following requirements:
– The solution must be inline in the network.
– The solution must be able to block known malicious traffic.
– The solution must be able to stop network-based attacks.

Which of the following should the network administrator implement to BEST meet these requirements?

A. HIDS
B. NIDS
C. HIPS
D. NIPS

A

D. NIPS