SEC+ A Flashcards

1
Q

Which of the following are disadvantages of full backups? (Select three.)
They rely on other backups for recovery
They require the most storage
They demand the most bandwidth
They have the slowest recovery time
They are impossible in virtual environments
They are time-consuming to complete

A

They require the most storage
They have the slowest recovery time
They are time-consuming to complete

2
Q
A network admin is configuring a honeypot in a company's DMZ. To provide a method for hackers to access the system easily, the company needs to configure a plaintext authentication method that will send only the username and password to a service on the honeypot. Which of the following protocols should the company use?
OAuth
PAP
RADIUS
Shibboleth
A

PAP

3
Q
A security analyst has been asked to implement secure protocols to prevent cleartext credentials from being transmitted over the internal network. Which of the following protocols is the security analyst MOST likely to implement? (Select TWO)
SNMPv3
S/MIME
DNSSEC
SSH
SFTP
A

SSH

SFTP

4
Q
Which of the following controls does a mantrap BEST represent?
Deterrent
Detective
Physical
Corrective
A

Physical

5
Q

Which of the following is the main difference between symmetric and asymmetric cryptographic algorithms?
The use of PKI in symmetric algorithms
HSM-based key generation
Only one key used in symmetric algorithms
Random vs pseudo-random key generation

A

Only one key used in symmetric algorithms

6
Q

When conducting a penetration test, a pivot is used to describe a scenario in which:
The penetration tester uses pass-the-hash to gain access to a server via SMB, and then uses this server to SSH to another server
A penetration tester is able to download the Active Directory database after exploiting an unpatched vulnerability on the domain
The vulnerability scanner reveals a flaw in SMB signing, which can be used to send a netcat recon tool to one of the servers on the network
The penetration tester is able to access the datacenter or network closet by using a lockpick

A

The penetration tester uses pass-the-hash to gain access to a server via SMB, and then uses this server to SSH to another server

7
Q

A user reports she is receiving emails that appear to be from organizations to which she belongs, but the emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?
A hacker is using Ann’s social media information to create a spear phishing attack
The DNS servers for the organizations have been hacked and are pointing to malicious sites
The company’s mail system has changed the organization’s links to point to a proxy server for security
Her computer is infected with adware that has changed the email links

A

A hacker is using Ann’s social media information to create a spear phishing attack

8
Q
A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?
Diameter
SAML
Kerberos
CHAP
A

Diameter

9
Q
A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd procedures running on the system. (See Original Sheet) Given this output, which of the following security issues has been discovered?
A misconfigured HIDS
A malware installation
A policy violation
The activation of a Trojan
A

A malware installation

10
Q

A security analyst from a large organization has been instructed to use another, more effective scanning tool. After installing the tool on her desktop, she started a full vulnerability scan. After running the scan for eight hours, she finds that there were no vulnerabilities identified. Which of the following is the MOST likely cause of not receiving any vulnerabilities on the network?
The org has a zero tolerance policy against applying cybersecurity best practices
The org had a proactive approach to patch management principles and practices
The security analyst credentials did not allow full admin rights for the scanning tool
The security analyst just recently applied operating system level patches

A

The security analyst credentials did not allow full admin rights for the scanning tool

11
Q
Buffer overflow can be avoided using proper:
Memory leak prevention
Memory reuse
Input validation
Implementation of ASLR
A

Input validation

12
Q
An org’s CIO read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chances of this happening in the organization, which of the following secure protocols should be implemented?
DNSSEC
IPSec
LDAPS
HTTPS
A

DNSSEC

13
Q
A security admin has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value. Which of the following security concepts is this an example of?
Integrity measurement
Secure baseline 
Sandboxing
Immutable systems
A

Integrity Measurement

14
Q

Given the following output:
    NMAP –P 80 –script hostmap-bfk.nse company.com
    starting NMAP 6.46
    NMAP scan report for company.com
    Port State Service
    80/TCP open http
    Host script results
    hostmap-bfk hosts: web1.company.com…
Which of the following BEST describes the scanned environment?
A host was identified as a web server that is hosting multiple domains
A host was scanned, and web-based vulnerabilities were found
A connection was established to a domain, and several redirect connections were identified
A web shell was planted in company.com’s content management system

A

A host was identified as a web server that is hosting multiple domains

15
Q
A security analyst needs to determine why the wireless network appears to be randomly connecting and disconnecting. He notes that only the expected SSID appears, and the WAP MAC address matches. Given that the WAP connection has to be confirmed, which of the following is MOST likely the type of wireless attack being seen?
Evil twin
Disassociation
Rogue AP
Brute force
A

Disassociation

16
Q
During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server had been changed to the following: (See "if end" statement) Which of the following BEST describes the type of malware the analyst discovered?
Keylogger
Rootkit
RAT
Logic Bomb
A

Logic Bomb

17
Q
A user attempted to send an email to an external domain and quickly received a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a system admin finds the email and bounce-back details: Your email has been rejected because it appears to contain SSN info. Sending SSN info via email to external recipients violates company policy. Which of the following technologies successfully stopped the email from happening?
DLP
UTM
WAF
DEP
A

DLP

18
Q
During certain vulnerability scanning scenarios, it is possible for the target system to react in unexpected ways. This type of scenario is MOST commonly known as:
Intrusive testing
a buffer overflow
a race condition
active reconnaissance
A

Intrusive testing

19
Q

A security analyst is investigating a report from an employee in the HR department who is having sporadic issues with Internet access. When the security analyst pulls the UTM logs for the IP addresses in the HR group, the following activity is shown: (IP addresses) Which of the following actions should the security analyst take?
Ensure the HR employee is in the appropriate user group
Allow port 8080 on the UTM for all outgoing traffic
Disable the proxy settings on the HR employee’s device
Edit the last line of the ACL on the UTM to allow…

A

Ensure the HR employee is in the appropriate user group

20
Q

A technician wants to configure a wireless router at a small office that manages a family-owned dry cleaning business. The router will support five laptops, personal smartphones, a wireless printer and occasional guests. Which of the following wireless configurations is BEST implemented in this scenario?
Single SSID with WPA2-Enterprise
802.1x with a guest VLAN
Dual SSID with WPA2-PSK
Captive portal with two-factor authentication

A

Dual SSID with WPA2-PSK

21
Q
A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between the directory servers. The penetration testers recommend encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?
DNSSEC
SFTP
Kerberos
LDAPS
A

LDAPS

22
Q
An org is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security?
Federated services
Single sign-on
Site-to-site VPN
SSL accelerators
A

Site-to-site VPN

23
Q
During incident response procedures, technicians capture a unique identifier for a piece of malware running in the memory. This captured information is referred to as:
A hash value
The SSID
the GUID
A system image
A

A hash value

24
Q
A security admin is reviewing the following information from a file that was found on a compromised host: (See Original Sheet) Which of the following types of malware is MOST likely installed on the compromised item?
Keylogger
Spyware
Trojan
Backdoor
Rootkit
A

Keylogger

25
Q
Which of the following can be used to increase the time needed to brute force a hashed password?
BCRYPT
ECDHE
Elliptic curve
Diffie-Hellman
A

BCRYPT

26
Q
A company help desk has received reports that employees have experienced identity theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information. Which of the following is a vulnerability that has been exploited?
Trojan horses
Phishing
Improperly configured accounts
Forged certificates
Untrained users
A

Untrained users

27
Q
A new PKI is being built at a company, but the network admin has concerns about spikes of traffic occurring twice a day due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?
CRL
OCSP
SAN
OID
A

OCSP

28
Q
Which of the following cloud models is used to share resources and information with business partners and like businesses without allowing everyone else access?
Public
Hybrid
Community
Private
A

Community

29
Q
An auditor is requiring an org to perform real-time validation of SSL certificates. Which of the following should the organization implement?
OCSP
CRL
CSR
KDC
A

OCSP

30
Q
Which of the following should be implemented to stop an attacker from interacting with the hypervisor through another guest?
Containers
VM escape protection
Security broker
Virtual desktop
A

VM escape protection

31
Q
A company is determining where to host a hot site, and one of the locations being considered is in another country. Which of the following should be considered when evaluating this option?
Mean RTO
Mean RPO
Data sovereignty
Data destruction laws
A

Data sovereignty

32
Q

A tester was able to leverage a pass-the-hash attack during a recent penetration test. The tester gained a foothold and moved laterally through the network. Which of the following would prevent this type of attack from reoccurring?
Renaming all active service accounts and disabling all inactive service accounts
Creating separate accounts for privileged access that are not used to log on to local machines
Enabling full-disk encryption on all workstations that are used by admin and disabling RDP
Increasing the password complexity requirements and setting account expiration dates

A

Creating separate accounts for privileged access that are not used to log on to local machines

33
Q

Which of the following BEST describes why an air gap is a useful security control?
It physically isolates two or more networks, therefore helping prevent cross contamination or accidental data spillage
It requires that files be transferred via USB instead of networks that are potentially vulnerable to hacking, therefore preventing virus infections
It provides physical space between two interlocking doors, therefore providing additional control from unauthorized entry

A

It physically isolates two or more networks, therefore helping prevent cross contamination or accidental data spillage

34
Q

An admin needs to protect five websites with SSL certificates. Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the admin purchase to protect all of the websites and be able to admin them easily at a later time?
One SAN certificate
One Unified Communications Certificate and one wildcard certificate
One wildcard certificate and two standard certificates
Five standard certificates

A

One SAN certificate

35
Q
A network admin needs to prevent users from accessing the accounting department records. All users are connected to the same Layer 2 devices and access the Internet through the same router. Which of the following should be implemented to segment the accounting department from the rest of the users?
Implement VLANs and an ACL
Install a firewall and create a DMZ
Create a site-to-site VPN
Enable MAC address filtering
A

Implement VLANs and an ACL

36
Q

When choosing a hashing algorithm for storing passwords in a web server database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?
HMAC provides hardware acceleration, thus speeding up authentication
HMAC adds a transport layer handshake, which improves authentication
HMAC-MD5 can be decrypted faster, speeding up performance
HMAC-MD5 is more resistant to brute forcing

A

HMAC adds a transport layer handshake, which improves authentication