SEC+ C Flashcards
Exploitation of a system using widely known credentials and network address that results in DoS is an example of:
- Improper error handling
- Default configuration
- Untrained users
- Lack of vendor support
Default Configurations
Given the following: (LONG TEXT) Which of the following concepts of cryptography is shown?
- Collision
- Salting
- Steganography
- Stream Cipher
Collision
The website of a bank that an organization does business with is being reported as untrusted by the organization’s web browser. A security analyst has been assigned to investigate. The analyst discovers the bank recently merged with another local bank and combined names. Additionally, the user’s bookmark automatically redirects to the website of the newly named bank. Which of the following is the MOST likely cause of the issue?
- The company’s web browser is not up to date
- The website’s certificate still has the old bank’s name
- The website was created too recently to be trusted
- The website’s certificate has expired
The Website’s certificate still has the old bank’s name
A system admin wants to enforce the use of HTTPS on a new website. Which of the following should the system admin do NEXT after generating the CSR?
- Install the certificates on the server
- Provide the public key to the CA
- Password protect the public key
- Ensure the new key is not on the CRL
Install the certificate on the server
A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested?
- Sandboxing
- Staging
- DMZ
- Honeypot
Sandboxing
A security consultant is analyzing data from a recent compromise. The following data points are documented: Removal instructions were not available from any major antivirus vendor. Which of the following types of malware is this an example of?
- RAT
- Ransomware
- Backdoor
- Keylogger
- Worm
Ransomware
A security analyst is investigating a security breach involving the loss of sensitive data. A user passed the information through social media as vacation photos. Which of the following methods was used to encode their data?
- Obfuscation
- Steganography
- Hashing
- Elliptic Curve
Steganography
A pass-the-hash attack is commonly used to:
- Modify DNS records to point to a different domain
- Modify the IP address of the targeted computer
- Execute JavaScript to capture user credentials
- Laterally move across the network
Laterally move across the network
When an initialization vector is added to each encryption cycle, it is using the:
- ECB cipher mode
- MD5 cipher mode
- XOR cipher mode
- CBC cipher mode
CBC cipher mode
Which of the following is an example of the second A in the AAA model?
- The encryption protocol successfully completes the handshake and establishes a connection
- The one-time password is keyed in, and the login system grants access
- The event log records a successful login with a type code that indicates an interactive login
- A domain controller confirms membership in the appropriate group
A domain controller confirms membership in the appropriate group
A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use?
- Shredding
- Wiping
- Low-level formatting
- Repartitioning
- Overwriting
Shredding
A security admin begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:
- Penetration testing
- Fuzzing
- Static code analysis
- Vulnerability scanning
Vulnerability scanning
An attacker has gained control of several systems on the internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack?
- MITM
- DNS Poisoning
- Buffer overflow
- DDoS
DDoS
When building a hosted datacenter, which of the following is the MOST important consideration for physical security within the datacenter?
- Security guards
- Cameras
- Secure Enclosures
- Biometrics
Secure Enclosures
A penetration tester was able to connect to a company’s internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester’s devices on the network. Which of the following would provide the security team with notification in a timely manner?
- Implement rogue system detection and sensors
- Create a trigger on the IPS and alert the security team when unsuccessful logins occur
- Decrease the correlation threshold for alerts on the SIEM
- Run a credentialed vulnerability scan
Implement rogue system detection and sensors
Which of the following agreement types is a non-contractual agreement between two or more parties and outlines each party's requirements and responsibilities?
- BPA
- SLA
- MOU
- ISA
MOU
All employees of an organization received an email message from the CEO asking them for an urgent meeting in the main conference room. When the employees assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened?
- Spear phishing attack
- Whaling attack
- Phishing attack
- Vishing attack
Spear Phishing attack
As a security measure, an org has disabled all external media from accessing the network. Since some users may have data that needs to be transferred to the network, which of the following would BEST assist a sec admin with transferring the data while keeping the internal network secure?
- Upload the media in the DMZ
- Upload the data in a separate VLAN
- Contact the data custodian
- Use a standalone scanning system
Use a standalone scanning system
An organization has written the following policies: Users must request approval for non-standard software installation. Admin will perform all software installations. Software must be installed from a trusted repository. A recent security audit identified crypto-currency software installed on one user’s machine… Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
- The user’s machine was infected with malware; implement the org's incident response
- The user installed the software on the machine; implement technical controls to enforce the written policies
- The crypto-currency software on the machine; implement technical controls to enforce the written policies
- Admin downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software
The user installed the software on the machine; implement technical controls to enforce the written policies
A security analyst performs a vulnerability scan on the local network. Several items are flagged on the report as being critical issues. The security analyst researches each of the vulnerabilities and discovers that one of the critical issues on the report was mitigated in a previous scan. Which of the following MOST likely happened?
- A patch was removed
- A false positive occurred
- The tool has a high crossover error rate
- A necessary service was not running
A false positive occurred
After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computers’ screen: Your AV protection has blocked an unknown application while performing suspicious activities. The application was put in quarantine. Which of the following would be the SAFEST next step to address the issue?
- Immediately delete the detected file from the quarantine to secure the environment and clear the alert from the antivirus code
- Centrally activate a full scan for the entire set of industrial computers, looking for new threats
- Check the antivirus vendor’s documentation about the security modules, incompatibilities, and software whitelisting
Check the antivirus vendor’s documentation about the security modules, incompatibilities, and software whitelisting
A network engineer needs to allow an org's users to connect their laptops to wired and wireless networks from multiple locations and facilities, while preventing unauthorized connections to the corporate networks. Which of the following should be implemented to fulfill the engineer's requirements?
- Configure VLANs
- Install a honeypot
- Implement a VPN concentrator
- Enable MAC filtering
Implement a VPN concentrator
Which of the following helps find current and future gaps in an existing COOP?
- Vulnerability assessment
- Lessons learned
- Tabletop exercise
- After-action report
Tabletop exercise
The use of a unique attribute inherent to a user as part of an MFA system is BEST described as:
- Something you do
- Something you have
- Something you know
- Something you are
Something you are