SEC+ A Flashcards
Which of the following are disadvantages of full backups? (Select three)
They rely on other backups for recovery
They require the most storage
They demand the most bandwidth
They have the slowest recovery time
They are impossible in virtual environments
They are time-consuming to complete
They require the most storage
They have the slowest recovery time
They are time-consuming to complete
A network admin is configuring a honeypot in a company's DMZ. To provide a method for hackers to access the system easily, the company needs to configure a plaintext authentication method that will send only the username and password to a service on the honeypot. Which of the following protocols should the company use?
OAuth
PAP
RADIUS
Shibboleth
PAP
A security analyst has been asked to implement secure protocols to prevent cleartext credentials from being transmitted over the internal network. Which of the following protocols is the security analyst MOST likely to implement? (Select TWO)
SNMPv3
S/MIME
DNSSEC
SSH
SFTP
SSH
SFTP
Which of the following controls does a mantrap BEST represent?
Deterrent
Detective
Physical
Corrective
Physical
Which of the following is the main difference between symmetric and asymmetric cryptographic algorithms?
The use of PKI in symmetric algorithms
HSM-based key generation
Only one key used in symmetric algorithms
Random vs pseudo-random key generation
Only one key used in symmetric algorithms
When conducting a penetration test, a pivot is used to describe a scenario in which:
The penetration tester uses pass-the-hash to gain access to a server via SMB, and then uses this server to SSH to another server
A penetration tester is able to download the Active Directory database after exploiting an unpatched vulnerability on the domain
The vulnerability scanner reveals a flaw in SMB signing, which can be used to send a netcat recon tool to one of the servers on the network
The penetration tester is able to access the datacenter or network closet by using a lockpick
The penetration tester uses pass-the-hash to gain access to a server via SMB, and then uses this server to SSH to another server
A user reports she is receiving emails that appear to be from organizations to which she belongs, but the emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?
A hacker is using Ann’s social media information to create a spear phishing attack
The DNS servers for the organizations have been hacked and are pointing to malicious sites
The company’s mail system has changed the organization’s links to point to a proxy server for security
Her computer is infected with adware that has changed the email links
A hacker is using Ann’s social media information to create a spear phishing attack
A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?
Diameter
SAML
Kerberos
CHAP
Diameter
A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd procedures running on the system. (See Original Sheet) Given this output, which of the following security issues has been discovered?
A misconfigured HIDS
A malware installation
A policy violation
The activation of a Trojan
A malware installation
A security analyst from a large organization has been instructed to use another, more effective scanning tool. After installing the tool on her desktop, she started a full vulnerability scan. After running the scan for eight hours, she finds that there were no vulnerabilities identified. Which of the following is the MOST likely cause of not receiving any vulnerabilities on the network?
The org has a zero tolerance policy against applying cybersecurity best practices
The org had a proactive approach to patch management principles and practices
The security analyst credentials did not allow full admin rights for the scanning tool
The security analyst just recently applied operating system level patches
The security analyst credentials did not allow full admin rights for the scanning tool
Buffer overflow can be avoided using proper:
Memory leak prevention
Memory reuse
Input validation
Implementation of ASLR
Input validation
An org’s CIO read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chances of this happening in the organization, which of the following secure protocols should be implemented?
DNSSEC
IPSec
LDAPS
HTTPS
DNSSEC
A security admin has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value. Which of the following security concepts is this an example of?
Integrity measurement
Secure baseline
Sandboxing
Immutable systems
Integrity Measurement
Given the following output:
nmap -p 80 --script hostmap-bfk.nse company.com
Starting Nmap 6.46
Nmap scan report for company.com
PORT STATE SERVICE
80/tcp open http
Host script results
hostmap-bfk hosts: web1.company.com…
Which of the following BEST describes the scanned environment?
A host was identified as a web server that is hosting multiple domains
A host was scanned, and web-based vulnerabilities were found
A connection was established to a domain, and several redirect connections were identified
A web shell was planted in company.com’s content management system
A host was identified as a web server that is hosting multiple domains
A security analyst needs to determine why the wireless network appears to be randomly connecting and disconnecting. He notes that only the expected SSID appears, and the WAP MAC address matches. Given that the WAP connection has to be confirmed, which of the following is MOST likely the type of wireless attack being seen?
Evil twin
Disassociation
Rogue AP
Brute force
Disassociation
During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server had been changed to the following: (See "if end" statement) Which of the following BEST describes the type of malware the analyst discovered?
Keylogger
Rootkit
RAT
Logic Bomb
Logic Bomb
A user attempted to send an email to an external domain and quickly received a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a system admin finds the email and bounce-back details: Your email has been rejected because it appears to contain SSN info. Sending SSN info via email to external recipients violates company policy. Which of the following technologies successfully stopped the email from happening?
DLP
UTM
WAF
DEP
DLP
During certain vulnerability scanning scenarios, it is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:
Intrusive testing
A buffer overflow
A race condition
Active reconnaissance
Intrusive testing
A security analyst is investigating a report from an employee in the HR department who is having sporadic issues with Internet access. When the security analyst pulls the UTM logs for the IP addresses in the HR group, the following activity is shown: (IP addresses) Which of the following actions should the security analyst take?
Ensure the HR employee is in the appropriate user group
Allow port 8080 on the UTM for all outgoing traffic
Disable the proxy settings on the HR employee’s device
Edit the last line of the ACL on the UTM to allow…
Ensure the HR employee is in the appropriate user group
A technician wants to configure a wireless router at a small office that manages a family-owned dry cleaning business. The router will support five laptops, personal smartphones, a wireless printer and occasional guests. Which of the following wireless configurations is BEST implemented in this scenario?
Single SSID with WPA2-Enterprise
802.1x with a guest VLAN
Dual SSID with WPA2-PSK
Captive portal with two-factor authentication
Dual SSID with WPA2-PSK
A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between the directory servers. The penetration testers recommend encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?
DNSSEC
SFTP
Kerberos
LDAPS
LDAPS
An org is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security?
Federated services
Single sign-on
Site-to-site VPN
SSL accelerators
Site-to-site VPN
During incident response procedures, technicians capture a unique identifier for a piece of malware running in the memory. This captured information is referred to as:
A hash value
The SSID
The GUID
A system image
A hash value
A security admin is reviewing the following information from a file that was found on a compromised host: (See Original Sheet) Which of the following types of malware is MOST likely installed on the compromised item?
Keylogger
Spyware
Trojan
Backdoor
Rootkit
Keylogger