SEC+ B Flashcards
A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform?
Fuzzing
Stress Testing
Sandboxing
Normalizing
Fuzzing
A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?
Virus
Worm
Logic Bomb
Backdoor
Worm
A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?
Wireless guest isolation
802.1X
WPS
MAC address blacklist
802.1X
Which of the following is a symmetric encryption algorithm that applies the encryption over multiple iterations?
RC4
RSA
3DES
SHA
3DES
A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party. Which of the following is the BEST solution?
SAML
RADIUS
Secure token
TACACS+
SAML
A security admin has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups’ actions. Several recent outages have not been able to be traced to any user. Which of the following should the security admin recommend to preserve future audit log integrity?
Enforcing stricter onboarding workflow policies
Applying least privilege to user group membership
Restricting audit group membership to service accounts
Restricting audit group membership to service accounts
Which of the following solutions is the BEST method for controlling data exfiltration during this project?
Require that all consultant activity be restricted to a secure VDI environment
Require the consultants to sign an agreement stating they will only use the company-provided email address for communications during the project
Require updated antivirus, USB blocking, and a host-based firewall on all consultant devices
Require that all consultant activity be restricted to a secure VDI environment
A newly hired CSO is reviewing the company’s IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?
Identification
Lessons Learned
Recovery
Eradication
Lessons learned
An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?
802.11n support on the WAP
X.509 certificate on the server
CCMP support on the network switch
X.509 certificate on the server
Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?
Fault tolerance
Redundancy
Elasticity
Elasticity
A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server?
Disable the default accounts
Run a penetration test on the network
Create a DMZ in which to place the server
Disable the default accounts
A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA. Which of the following is the BEST example of this?
PSK and PIN
RSA token and password
Fingerprint scanner and voice recognition
RSA token and password
Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?
Social engineering by a hacktivist
MITM attack by a script kiddie
Unintentional disclosure by an insider
Unintentional disclosure by an insider
A security analyst received an after-hours alert indicating that a large number of accounts with the suffix “admin” were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?
The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack
The admin accounts do not have rigid password complexity rules, and this made them easier to crack
The company has implemented time-of-day restrictions, and this triggered a false positive alert when the admin tried to log in
The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack
A recent security audit identified crypto-currency software installed on one user’s machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
The user’s machine was infected with malware; implement the org’s incident response
The user installed the software on the machine; implement technical controls to enforce the written policies
Admin downloaded the software from an untested repository; add a policy that requires integrity checking for all software
The user installed the software on the machine; implement technical controls to enforce the written policies