Sec+ 601 study guide Part 7 Flashcards
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:
No.   Time       Source             Destination  Protocol  Length  Info
1234  9.1195665  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0
1234  9.1265649  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0
1234  9.2223212  Sagemcom_87:9f:a3  Broadcast    802.11    38      Deauthentication, SN=655, FN=0
Which of the following attacks does the analyst MOST likely see in this packet capture?
A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning
B. Evil twin
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
A. An ARO
B. An MOU
C. An SLA
D. A BPA
C. An SLA
Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly.
Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls
B. Application whitelisting
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
– Mobile device OSs must be patched up to the latest release.
– A screen lock must be enabled (passcode or biometric).
– Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)
A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing
C. Posturing
D. Remote wipe
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached.
Which of the following would BEST address this security concern?
A. Install a smart meter on the staff WiFi.
B. Place the environmental systems in the same DHCP scope as the staff WiFi.
C. Implement Zigbee on the staff WiFi access points.
D. Segment the staff WiFi network from the environmental systems network.
D. Segment the staff WiFi network from the environmental systems network.
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
A. OSINT
B. SIEM
C. CVSS
D. CVE
D. CVE
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.
Which of the following methods would BEST prevent the exfiltration of data? (Choose two.)
A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA
B. Drive encryption
E. USB blocker
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself.
Which of the following is the WEAKEST design element?
A. The DLP appliance should be integrated into a NGFW
B. Split-tunnel connections can negatively impact the DLP appliance’s performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company.
Which of the following risk management strategies is the manager adopting?
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk mitigation
C. Risk transference
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing.
Which of the following techniques BEST explains this action?
A. Predictability
B. Key stretching
C. Salting
D. Hashing
C. Salting
A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.
Which of the following would be BEST for the security manager to use in a threat model?
A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats
A. Hacktivists
The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration.
Which of the following would MOST likely cause a data breach?
A. Lack of input validation
B. Open permissions
C. Unsecure protocol
D. Missing patches
C. Unsecure protocol
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations.
Which of the following would address the CSO’s concerns?
A. SPF
B. DMARC
C. SSL
D. DKIM
E. TLS
E. TLS
A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers.
Which of the following frameworks should the management team follow?
A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27032 Cybersecurity Guidelines
D. General Data Protection Regulation
C. ISO/IEC 27032 Cybersecurity Guidelines
An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources.
Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?
A. Using geographic diversity to have VPN terminations closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher-bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators
B. Utilizing split tunneling so only traffic for corporate resources is encrypted