SEC+ B Flashcards
A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform? Fuzzing Stress Testing Sandboxing Normalizing
Fuzzing
A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network? Virus Worm Logic Bomb Backdoor
Worm
A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future? Wireless guest isolation 802.1X WPS MAC address blacklist
802.1X
Which of the following is a symmetric encryption algorithm that applies the encryption over multiple iterations? RC4 RSA 3DES SHA
3DES
A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party. Which of the following is the BEST solution? SAML RADIUS Secure token TACACS+
SAML
A security admin has been conducting an account permissions review that has identified several users who belong to functional groups and to groups responsible for auditing the functional groups’ actions. Several recent outages have not been able to be traced to any user. Which of the following should the security admin recommend to preserve future audit log integrity?
Enforcing stricter onboarding workflow policies
Applying least privileged to user group membership
Restricting audit group membership to service accounts
Restricting audit group membership to service accounts
Which of the following solutions is the BEST method for controlling data exfiltration during this project?
Require that all consultant activity be restricted to a secure VDI environment
Require the consultants to sign an agreement stating they will only use the company-provided email address for communications during the project
Require updated antivirus, USB blocking, and a host-based firewall on all consultant devices
Require that all consultant activity be restricted to a secure VDI environment
A newly hired CSO is reviewing the company’s IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings? Identification Lessons Learned Recovery Eradication
Lessons learned
An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?
802.11n support on the WAP
X.509 certificate on the server
CCMP support on the network switch
X.509 certificate on the server
Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?
Fault tolerance
Redundancy
Elasticity
Elasticity
A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server?
Disable the default accounts
Run a penetration test on the network
Create a DMZ in which to place the server
Disable the default accounts
A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA. Which of the following is the BEST example of this?
PSK and PIN
RSA token and password
Fingerprint scanner and voice recognition
RSA token and password
Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?
Social engineering by a hacktivist
MITM attack by a script kiddie
Unintentional disclosure by an insider
Unintentional disclosure by an insider
A security analyst received an after-hours alert indicating that a large number of accounts with the suffix “admin” were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?
The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack
The admin accounts do not have rigid password complexity rules, and this made them easier to crack
The company has implemented time-of-day restrictions, and this triggered a false positive alert when the admin tried to log in
The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack
A recent security audit identified crypto-currency software installed on one user’s machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
The user’s machine was infected with malware; implement the org’s incident response
The user installed the software on the machine; implement technical controls to enforce the written policies
Admin downloaded the software from an untested repository; add a policy that requires integrity checking for all software
The user installed the software on the machine; implement technical controls to enforce the written policies
The phones at a business are being replaced with VoIP phones that get plugged in-line between the switch and the PC. The voice and data networks still need to be kept separate. Which of the following would allow for this? NAT Intranet Subnetting VLAN
VLAN
Which of the following models is considered an iterative approach with frequent testing? Agile Waterfall DevOps Sandboxing
Agile
A security analyst discovers one of the business processes, which generates 75% of the annual revenue, uses a legacy system. This creates a risk that can contribute to a 2% drop in revenue generation every quarter. Which of the following would be the BEST response to this risk?
Mitigation
Avoidance
Insurance
Insurance
A new employee discovered a thumb drive with the company’s logo on it while walking in the parking lot. He was curious as to the contents and placed it into his work computer. Shortly after accessing the contents, he noticed the machine running slower, started to reboot, and displayed new icons on the screen. Which of the following types of attacks occurred? Social Engineering Brute force attack MITM DoS
Social Engineering
Which of the following types of vulnerability scans returns more detailed and thorough insights into actual system vulnerabilities?
Non-credentialed
Intrusive
Credentialed
Credentialed
A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large, compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Select Two)
Disable all user accounts that are not logged in to for 180 days
Enable a login banner prohibiting unauthorized use
Perform an audit of all company user accounts
Review and update the firewall settings
Restrict the compromised accounts
Disable all user accounts that are not logged in to for 180 days
Perform an audit of all company user accounts
A system admin wants to secure a backup environment so backups are less prone to ransomware attacks. The admin would like to have a fully isolated set of backups. Which of the following would be the MOST secure option for the admin to implement? A DMZ An air gap A honeypot A VLAN
An air gap
A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate’s properties: Issuer: (A commercial CA) Valid from: (yesterday’s date) Subject: CN-smithco.com Public key: RSA (2048 bits) Enhanced key usage: Client authentication Key usage: Digital signature, key encipherment (a0) Which of the following is the MOST likely cause of the failure?
The certificate is missing the proper OID
The certificate is missing wireless authentication in key usage
The certificate is self-signed
The certificate is missing the proper OID
An organization uses an antivirus scanner from Company A on its firewall, an email system antivirus scanner from Company B, and an endpoint antivirus scanner from Company C. This is an example of:
Unified threat management
An OVAL system
Vendor diversity
Vendor diversity