Sec+ 601 study guide Part 8 Flashcards
A security administrator checks the table of a network switch, which shows the following output:
VLAN Physical Address Type Port
1 001a:42ff:5113 Dynamic GEO/5
1 0faa:abcf:ddee Dynamic GEO/5
1 c6a9:6b16:758e Dynamic GEO/5
1 a3aa:b6a3:1212 Dynamic GEO/5
1 8025:2ad8:bfac Dynamic GEO/5
1 b839:f995:a00a Dynamic GEO/5
Which of the following is happening to this switch?
A. MAC flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning
A. MAC flooding
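The tell in the table above is one access port learning many dynamic MAC addresses in the same VLAN. The following is an added example, not part of the flashcard deck: it parses a CAM-table dump of that shape and applies the same per-port threshold that switch port security enforces with its "maximum MACs" setting. The threshold value and the use of the question's table as sample input are assumptions; the port name is reproduced as printed ("GEO/5", most likely a garbled "Gi0/5").

```python
"""Flag switch ports that are learning an anomalous number of MAC addresses.

Added example (not from the flashcard deck). Parses a CAM/MAC-address table
dump and flags ports whose count of dynamically learned MACs exceeds what an
access port should ever see, which is the idea behind port security limits.
"""
from collections import defaultdict

# Sample input: the table quoted in the question (port name kept as printed).
CAM_TABLE = """\
VLAN Physical Address Type Port
1 001a:42ff:5113 Dynamic GEO/5
1 0faa:abcf:ddee Dynamic GEO/5
1 c6a9:6b16:758e Dynamic GEO/5
1 a3aa:b6a3:1212 Dynamic GEO/5
1 8025:2ad8:bfac Dynamic GEO/5
1 b839:f995:a00a Dynamic GEO/5
"""


def parse_cam_table(text):
    """Return a list of (vlan, mac, type, port) tuples, skipping the header."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        # Data rows are exactly four fields and start with a numeric VLAN id.
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        vlan, mac, kind, port = parts
        entries.append((int(vlan), mac.lower(), kind, port))
    return entries


def macs_per_port(entries):
    """Count distinct dynamically learned MACs on each port."""
    by_port = defaultdict(set)
    for _vlan, mac, kind, port in entries:
        # Static entries are configured by an admin, not learned from traffic.
        if kind.lower() == "dynamic":
            by_port[port].add(mac)
    return {port: len(macs) for port, macs in by_port.items()}


def suspected_flooding(entries, max_macs=2):
    """Ports that learned more dynamic MACs than the assumed per-port limit.

    max_macs=2 is an assumed value (one host plus a VoIP phone is typical
    for an access port); apply it to access ports only, since trunks and
    uplinks legitimately carry many MACs.
    """
    return sorted(port for port, n in macs_per_port(entries).items() if n > max_macs)


if __name__ == "__main__":
    learned = parse_cam_table(CAM_TABLE)
    print(macs_per_port(learned))
    print("possible MAC flooding on:", suspected_flooding(learned))
```

Run against the question's table, the script reports GEO/5 with six learned MACs and flags it. In practice the count during a real flood is in the thousands and the CAM table overflows, so the switch falls back to flooding unicast frames out of every port; port security with a small maximum and a `shutdown` or `restrict` violation action stops the port from learning further addresses.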
A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures.
Which of the following RAID levels meet this requirement?
A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6
D. RAID 6
A security engineer needs to implement the following requirements:
– All Layer 2 switches should leverage Active Directory for authentication.
– All Layer 2 switches should use local fallback authentication if Active Directory is offline.
– All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Choose two.)
A. Implement RADIUS.
B. Configure AAA on the switch with local login as secondary.
C. Configure port security on the switch with the secondary login method.
D. Implement TACACS+.
E. Enable the local firewall on the Active Directory server.
F. Implement a DHCP server.
A. Implement RADIUS.
B. Configure AAA on the switch with local login as secondary.
(RADIUS is vendor-neutral and can front Active Directory; an AAA method list with the local database as the second method gives the fallback. Port security limits MAC addresses per port and has nothing to do with administrator login.)
A security analyst is preparing a threat brief for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat actor against the organization’s network.
Which of the following will the analyst MOST likely use to accomplish the objective?
A. A tabletop exercise
B. NIST CSF
C. MITRE ATT&CK
D. OWASP
C. MITRE ATT&CK
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security.
Which of the following controls will the analyst MOST likely recommend?
A. MAC
B. ACL
C. BPDU
D. ARP
A. MAC
Which of the following types of controls is a CCTV camera that is not being monitored?
A. Detective
B. Deterrent
C. Physical
D. Preventive
B. Deterrent
A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Port Protocol State Service
22 tcp open ssh
25 tcp filtered smtp
53 tcp filtered domain
80 tcp open http
443 tcp open https
Which of the following steps would be best for the security engineer to take NEXT?
A. Allow DNS access from the Internet.
B. Block SMTP access from the Internet.
C. Block HTTPS access from the Internet.
D. Block SSH access from the Internet.
D. Block SSH access from the Internet.
A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users’ reports of issues accessing the facility.
Which of the following MOST likely indicates the cause of the access issues?
A. False rejection
B. Cross-over error rate
C. Efficacy rate
D. Attestation
A. False rejection
(Legitimate users being denied by the scanner is the false rejection rate (FRR, type I error). The crossover error rate is the point where FRR and FAR are equal, a tuning figure for the device, not something that shows up in a log as errors.)
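The difference between a false rejection and the crossover error rate is easier to see with numbers. The block below is an added example, not part of the flashcard deck; the genuine and impostor match scores are constructed, as is the 0..100 score scale. It computes FRR and FAR at a given threshold and searches for the threshold where the two rates meet (the CER, also called the equal error rate).

```python
"""False rejection rate vs. false acceptance rate vs. crossover error rate.

Added example (not from the flashcard deck). Scores are constructed sample
data on an assumed 0..100 scale where a higher score means a better match.
"""

# Constructed sample match scores: ten genuine-user attempts and ten impostor attempts.
GENUINE = [92, 88, 85, 81, 79, 76, 74, 70, 66, 60]
IMPOSTOR = [10, 18, 25, 31, 40, 47, 55, 62, 68, 75]


def frr(genuine, threshold):
    """False rejection rate: share of legitimate attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor, threshold):
    """False acceptance rate: share of impostor attempts scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for one threshold setting."""
    return frr(genuine, threshold), far(impostor, threshold)


def crossover_error_rate(genuine, impostor):
    """Find the threshold where FRR and FAR are closest; return (threshold, CER).

    Scans every integer threshold on the assumed 0..100 scale and keeps the
    first one with the smallest gap between the two rates.
    """
    best = None
    for t in range(0, 101):
        r, a = error_rates(genuine, impostor, t)
        gap = abs(r - a)
        if best is None or gap < best[0]:
            best = (gap, t, r, a)
    _gap, t, r, a = best
    return t, (r + a) / 2


if __name__ == "__main__":
    # A threshold set too high: many legitimate users rejected, no impostors accepted.
    print("threshold 80 -> FRR, FAR =", error_rates(GENUINE, IMPOSTOR, 80))
    # The balanced setting the vendor would quote as the device's CER.
    print("crossover (threshold, CER) =", crossover_error_rate(GENUINE, IMPOSTOR))
```

With the sample scores, a threshold of 80 rejects 60% of genuine users while accepting no impostors: that is the situation in the question, a false rejection problem caused by an overly strict setting. The crossover point sits at a threshold of 67, where both rates are 20%. Lowering the threshold toward the CER reduces the lockouts but raises the false acceptance rate, which is the trade-off a datacenter owner has to make deliberately.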
A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message.
Which of the following BEST describes the cause of the error?
A. The examiner does not have administrative privileges to the system.
B. The system must be taken offline before a snapshot can be created.
C. Checksum mismatches are invalidating the disk image.
D. The swap file needs to be unlocked before it can be accessed.
A. The examiner does not have administrative privileges to the system.
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
A. To provide data to quantify risk based on the organization’s systems
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization
A. To provide data to quantify risk based on the organization's systems
(An accurate asset inventory is what a risk assessment is built on; you cannot value, patch, or protect what you have not enumerated. Restricting the network to approved devices is a NAC control, not the purpose of the asset management policy itself.)
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first.
Which of the following would be the BEST method to increase the security on the Linux servers?
A. Randomize the shared credentials.
B. Use only guest accounts to connect.
C. Use SSH keys and remove generic passwords.
D. Remove all user accounts.
C. Use SSH keys and remove generic passwords.
Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?
A. An inability to monitor 100% of every facility could expose the company to unnecessary risk.
B. The cameras could be compromised if not patched in a timely manner.
C. Physical security at the facility may not protect the cameras from theft.
D. Exported videos may take up excessive space on the file servers.
B. The cameras could be compromised if not patched in a timely manner.
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?
A. SIEM
B. CASB
C. UTM
D. DLP
B. CASB
(A cloud access security broker sits between users and sanctioned SaaS/file-sharing services, applying DLP-style policy and remediation to data in those third-party platforms; a traditional DLP product only sees the enterprise's own endpoints and network.)
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.
Which of the following should the analyst implement to authenticate the entire packet?
A. AH
B. ESP
C. SRTP
D. LDAP
A. AH
During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.
Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate Internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.
B. Create and apply microsegmentation rules.
An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness.
Which of the following will the CSO MOST likely use?
A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement
C. A tabletop exercise
Which of the following scenarios would make DNS sinkhole effective in thwarting an attack?
A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.
B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.
C. Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox.
D. DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
C. Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox.
(A sinkhole is a resolver that returns a controlled address for domains that should not resolve, so the malware's query succeeds and is logged instead of going unanswered. "DNS routing tables" is not a real construct, and a sinkhole does nothing against sniffing or a DoS of the server.)
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
A. Data encryption
B. Data masking
C. Anonymization
D. Tokenization
D. Tokenization
(Tokens preserve the format of the original values, so the cloud application can still index, search, and sort on them, while the real data stays in the token vault; encrypting the fields would break searching and sorting inside the service.)
An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.
Which of the following is the attacker MOST likely attempting?
A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
B. A watering-hole attack
A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues.
Which of the following would be the BEST resource for determining the order of priority?
A. Nmap
B. Heat maps
C. Network diagrams
D. Wireshark
B. Heat maps
(A wireless heat map shows signal strength and coverage gaps per area, which is exactly what is needed to rank the areas with latency and connection problems; a network diagram shows topology, not RF coverage.)
A company has three technicians who share the same credentials for troubleshooting systems. Every time the credentials are changed, the new ones are sent by email to all three technicians. The security administrator has become aware of this situation and wants to implement a solution to mitigate the risk. Which of the following is the BEST solution for the company to implement?
A. SSO authentication
B. SSH keys
C. OAuth authentication
D. Password vaults
D. Password vaults
(The risk is the distribution of a shared secret over email. A vault lets each technician check the credential out under their own identity, with auditing and automatic rotation; SSH keys only help on systems that accept them and do not address how the secret is shared.)
A security analyst sees the following log output while reviewing web logs:
[02/Feb2019:03:39:21 -0000] 23.35.212.99 12.59.34.88 - "GET /uri/input.action?query=%2f..%2f..%2f..%2fetc%2fpasswrd HTTP/1.0" 80 200 200
[02/Feb2019:03:39:85 -0000] 23.35.212.99 12.59.34.88 - "GET/uri/input.action?query=/../../../etc/password HTTP/1.0" 80 200 200
Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
A. Secure cookies
B. Input validation
C. Code signing
D. Stored procedures
B. Input validation
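The two requests above are a directory traversal attempt, once URL-encoded and once in the clear, against the `query` parameter. The following is an added example, not part of the flashcard deck: the first half scans log lines of that shape and reports parameters whose decoded value contains a `..` path segment; the second half shows the input validation that would have stopped it, an allowlist on the parameter value plus a canonical-path check that confines any resolved file to a base directory. The allowlist pattern and the base directory `/srv/app/data` are assumptions; the log lines are the ones quoted in the question.

```python
"""Spot directory traversal in web logs, and the input validation that prevents it.

Added example (not from the flashcard deck). The detection side parses the
request target out of each log line; the validation side uses an assumed
allowlist and an assumed base directory.
"""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlparse

# Sample input: the two log lines quoted in the question, reproduced as printed
# (including the missing space after GET in the second request).
LOG = """\
[02/Feb2019:03:39:21 -0000] 23.35.212.99 12.59.34.88 - "GET /uri/input.action?query=%2f..%2f..%2f..%2fetc%2fpasswrd HTTP/1.0" 80 200 200
[02/Feb2019:03:39:85 -0000] 23.35.212.99 12.59.34.88 - "GET/uri/input.action?query=/../../../etc/password HTTP/1.0" 80 200 200
"""

# Pulls method and request target out of the quoted request; \s* tolerates "GET/uri".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+)\s*(?P<target>\S+)\s+HTTP/[\d.]+"')


def find_traversal_attempts(log_text):
    """Return (parameter name, decoded value) for every parameter holding a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = parse_qs(urlparse(m.group("target")).query)  # parse_qs percent-decodes once
        for name, values in params.items():
            for value in values:
                decoded = unquote(value)  # second decode catches double-encoded payloads
                segments = decoded.replace("\\", "/").split("/")
                if ".." in segments:
                    hits.append((name, decoded))
    return hits


# --- Validation side (assumed policy) -------------------------------------
ALLOWED_VALUE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # assumed allowlist: a bare identifier
BASE_DIR = "/srv/app/data"  # assumed directory the application may read from


def validate_query(value):
    """Allowlist check: accept only a simple identifier, reject everything else."""
    if not ALLOWED_VALUE.match(value):
        raise ValueError("rejected query value: %r" % value)
    return value


def safe_path(value, base_dir=BASE_DIR):
    """Validate the value, then confine the resolved path to base_dir as defence in depth."""
    name = validate_query(value)
    path = posixpath.normpath(posixpath.join(base_dir, name))
    # normpath collapses any '..'; commonpath proves the result is still under base_dir.
    if posixpath.commonpath([base_dir, path]) != base_dir:
        raise ValueError("path escapes base directory: %r" % path)
    return path


if __name__ == "__main__":
    for name, value in find_traversal_attempts(LOG):
        print("traversal attempt in parameter %s: %s" % (name, value))
    print(safe_path("report1"))
    try:
        safe_path("/../../../etc/password")
    except ValueError as err:
        print("blocked:", err)
</```

Both log lines are flagged, because the first decodes to the same `/../../../etc/passwrd` shape as the second. Note the allowlist does the real work: the `commonpath` check is a second line of defence for the case where the value legitimately has to be a relative path, and on its own it would not catch symlinks or encoded variants the web server decodes differently than the application.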
When used at design stage, which of the following improves the efficiency, accuracy, and speed of a database?
A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation
C. Normalization
A company has determined that if its computer-based manufacturing machinery is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?
A. MTBF
B. RPO
C. RTO
D. MTTR
C. RTO