Security+ Midterm Flashcards

1
Q

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

Buffer overflow attack
Process affinity
Pivoting
Privilege escalation

A

Privilege escalation

2
Q

When designing a web-based client-server application with a single application server and a database cluster backend, input validation should be performed:

On the client
Using HTTPS
Using database stored procedures
On the application server

A

On the application server

3
Q

Which of the following could occur when both strong and weak ciphers are configured on a VPN concentrator? (Select TWO)

The VPN concentrator could revert to L2TP.
The integrity of the data could be at risk.
An attacker could potentially perform a downgrade attack.
The IPSec payload reverted to 16-bit sequence numbers
The connection is vulnerable to resource exhaustion.

A

An attacker could potentially perform a downgrade attack.

The IPSec payload reverted to 16-bit sequence numbers

4
Q

Upon entering an incorrect password, the logon screen displays a message informing the user that the password does not match the username provided and is not the required length of 12 characters. Which of the following secure coding techniques should a security analyst address with the application developers to follow security best practices?

Obfuscation
Input validation
Error handling
Data exposure

A

Error handling

5
Q

A security analyst observes the following events in the logs of an employee workstation:

[Image: Question_Chap5_67.JPG (workstation log events; not reproduced in text)]

Given the information provided, which of the following MOST likely occurred on the workstation?

Application whitelisting controls blocked an exploit payload from executing.
The SIEM log agent was not tuned properly and reported a false positive.
Antivirus software found and quarantined three malware files
Automatic updates were initiated but failed because they had not been approved.

A

Application whitelisting controls blocked an exploit payload from executing.

6
Q

Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)

Update WAF rules to block social networks
Disable the compromised accounts
Enable sender policy framework
Remove the compromised accounts with all AD groups
Change the compromised accounts’ passwords
Disable the open relay on the email server

A

Enable sender policy framework

Disable the open relay on the email server

7
Q

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?
The hacker exploited improper key management.
The hacker used a pass-the-hash attack.
The hacker used a race condition.
The hacker exploited weak switch configuration.

A

The hacker exploited weak switch configuration.

8
Q
A security administrator learns that PII, which was gathered by the organization, has been found in an open forum. As a result, several C-level executives found their identities were compromised, and they were victims of a recent whaling attack. Which of the following would prevent these problems in the future? (Select TWO).
Implement a HIDS
Implement a spam filter
Implement an email DLP
Implement a reverse proxy
Implement a host-based firewall

A

Implement a spam filter

Implement an email DLP

9
Q

A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased.

Which of the following is the MOST likely cause of the decreased disk space?

Logs and events anomalies
Unauthorized software
Authentication issues
Misconfigured devices

A

Unauthorized software

10
Q

A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack?
Access to DLLs from the Windows registry should be disabled
The DLL of each application should be set individually
The affected DLLs should be renamed to avoid future hijacking
All calls to different DLLs should be hard-coded in the application

A

All calls to different DLLs should be hard-coded in the application

11
Q
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
Man-in-the-middle
Replay
Transitive access
Spoofing

A

Man-in-the-middle

12
Q

A member of the admins group reports being unable to modify the “changes” file on a server. The permissions on the file are as follows:

Permissions   User    Group   File
-rwxrw-r--+   Admins  Admins  changes

Based on the output above, which of the following BEST explains why the user is unable to modify the “changes” file?

The SELinux mode on the server is set to “permissive.”
The SELinux mode on the server is set to “enforcing.”
A FACL has been added to the permissions for the file.
The admins group does not have adequate permissions to access the file.

A

A FACL has been added to the permissions for the file.

13
Q

Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?

No answer text provided.
XSS
MITM
Buffer overflow attack

A

XSS

14
Q

Which of the following types of attacks precedes the installation of a rootkit on a server?

DDoS
Pharming
Buffer overflow attack
Cross-site scripting attack
Privilege escalation

A

Privilege escalation

15
Q

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

Smurf attack
Buffer overflow attack
Cross-site scripting attack
Replay attack
Integer overflow attack

A

Replay attack

16
Q
Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications?
Spear phishing
Man-in-the-middle
URL hijacking
Transitive access

A

Man-in-the-middle

17
Q

A security analyst receives an alert from a WAF with the following payload:

var data= “” ++ “

Which of the following types of attacks is this?

SQL injection
Cross-site request forgery
JavaScript data insertion
Firewall evasion script
Buffer overflow

A

JavaScript data insertion

18
Q
Which of the following techniques can bypass a user or computer's web browser privacy settings? (Select Two)
SQL injection
Session hijacking
Locally shared objects
Cross-site scripting
LDAP injection

A

Session hijacking

Cross-site scripting

19
Q
A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?
Header manipulation
Cross-site scripting
SQL injection
Flash cookie exploitation

A

Cross-site scripting

20
Q

A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. In addition, the perimeter router can only handle 1 Gbps of traffic. Which of the following should be implemented to prevent DoS attacks in the future?
Install a firewall at the network to prevent all attacks
Increase the capacity of the perimeter router to 10 Gbps
Use redundancy across all network devices and services
Deploy multiple web servers and implement a load balancer

A

Use redundancy across all network devices and services

21
Q
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?
Cookie hijacking
Header manipulation
Cross-site scripting
XML injection

A

Header manipulation

22
Q

*** During a routine vulnerability assessment, the following command was successful:

echo "vrfy 'perl -e 'print "hi" x 500 ' ' " | nc www.company.com 25

Which of the following vulnerabilities is being exploited?

Cross-site scripting directed at www.company.com
Buffer overflow directed at a specific host MTA
SQL injection directed at a web server
Race condition in a UNIX shell script

A

Buffer overflow directed at a specific host MTA

23
Q

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it.

Which of the following should be done to prevent this scenario from occurring again in the future?

Install end-point protection on all computers that access web email
Create new email spam filters to delete all messages from that sender
Install host-based firewalls on all computers that have an email client installed
Set the email program default to open messages in plain text

A

Install end-point protection on all computers that access web email

24
Q

Malicious traffic from an internal network has been detected on an unauthorized port on an application server.

Which of the following network-based security controls should the engineer consider implementing?

ACLs
NAT
HIPS
MAC filtering

A

ACLs

25
Q
An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
False positive
False negative
True positive
True negative

A

False positive

26
Q

A security administrator needs an external vendor to correct an urgent issue with an organization’s physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that best balances security and efficiency?
Temporarily permit outbound internet access for the PACS so desktop sharing can be set up
Set up a web conference on the administrator’s PC; then remotely connect to the PACS
Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
Have the external vendor come onsite and provide access to the PACS directly

A

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

27
Q

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?
Enable verbose system logging
Change the permissions on the user’s home directory
Implement remote syslog
Set the bash_history log file to “read only”

A

Implement remote syslog

28
Q

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network.

Which of the following steps should be completed to BEST resolve the issue?

The firewall should be configured to prevent user traffic from matching the implicit deny rule.
The firewall should be configured with port security to allow traffic.
The firewall should be configured with access lists to allow inbound and outbound traffic.
The firewall should be configured to include an explicit deny rule.

A

The firewall should be configured to prevent user traffic from matching the implicit deny rule.

29
Q

A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible.

Which of the following is the BEST way to accomplish this?

Air gap the desktops
Join the desktops to an ad-hoc network
Create a separate VLAN for the desktops
Put the desktops in the DMZ

A

Air gap the desktops

30
Q
An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:
Exploiting the switch
Escalation of privileges
Persistence
Passive reconnaissance

A

Exploiting the switch

31
Q

Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop.

Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

Host-based firewall
full-disk encryption
Latest OS updates
Current antivirus definitions

A

Host-based firewall

32
Q

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?

Enabling full disk encryption
Implementing a unique user PIN access functions
Isolating the systems using VLANs
Installing a software-based IPS on all devices

A

Isolating the systems using VLANs

33
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication.

Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel?

L2TP
SSL VPN
Transport mode VPN IPSec
Tunnel mode IPSec

A

SSL VPN

34
Q

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net).

Which of the following rules is preventing the CSO from accessing the site?

Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Rule 2: deny from inside to outside source any destination any service ping
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Rule 1: deny from inside to outside source any destination any service smtp
Rule 4: deny from any to any source any destination any service any

A

Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

35
Q

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage.

Which of the following technology controls should the company implement?

NAC
Web proxy
DLP
ACL

A

DLP

36
Q

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers’ names and credit card numbers with the PIN.

Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?

Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
Classify all data according to its sensitivity and inform the users of data that is prohibited to share

A

Implement a DLP solution on the email gateway to scan email and remove sensitive data or files

37
Q

Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?

Community
Hybrid
Private
Public

A

Community

38
Q

A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs.

Which of the following cloud deployment models BEST describes this type of effort?

Community
Public
Hybrid
Private

A

Community

39
Q

When it comes to cloud computing, if one of the requirements for a project is to have the most control over the systems in the cloud, which of the following is a service model that would be BEST suited for this goal?

Infrastructure
Platform
Software
Virtualization

A

Infrastructure

40
Q

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Select two.)

Size of the corporation
Adherence to regulatory compliance
Breadth of applications support
Data retention policies
Use of performance analytics

A

Adherence to regulatory compliance

Data retention policies

41
Q

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public-facing website in the DMZ. Joe is using steganography to hide stolen data.

Which of the following controls can be implemented to mitigate this type of inside threat?

Digital signatures
Access controls
Firewall
File integrity monitoring
Stateful inspection
Change management

A

File integrity monitoring

42
Q

The IT department needs to prevent users from installing untested applications.

Which of the following would provide the BEST solution?

Job rotation
Antivirus
Account lockout
Least privilege

A

Least privilege

43
Q

A network administrator wants to implement a method of securing internal routing.

Which of the following should the administrator implement?

VPN
DMZ
NAT
PAT

A

VPN

44
Q

An organization has implemented an IPSec VPN access for remote users.

Which of the following IPSec modes would be the MOST secure for this organization to implement?

ESP-only mode
Transport mode
AH-only mode
Tunnel mode

A

Tunnel mode

45
Q

A security administrator has been asked to implement a VPN that will support remote access over IPSEC.

Which of the following is an encryption algorithm that would meet this requirement?

AES
PKI
UDP
MD5

A

AES

46
Q

A technician must configure a firewall to block external DNS traffic from entering a network.

Which of the following ports should they block on the firewall?

110
443
53
143

A

53

47
Q

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations.

Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

FTP
SNMP
SCP
TFTP
FTPS

A

SCP

FTPS

48
Q

A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software. The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections.

Which of the following would BEST accomplish these goals?

Use explicit FTPS for connections.
Require the SFTP protocol to connect to the file server.
Use SSH tunneling to encrypt the FTP traffic.
Use implicit TLS on the FTP server.

A

Use explicit FTPS for connections.

49
Q

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network.

Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?

WPS
WPA2-PSK
TKIP
802.1x

A

WPS

50
Q

A technician is configuring a wireless guest network. After applying the most recent changes, the technician finds that new devices can no longer find the wireless network by name, but existing devices are still able to use the wireless network.

Which of the following security measures did the technician MOST likely implement to cause this scenario?

Beacon interval was decreased
Reduction of WAP signal output power
Activation of 802.1X with RADIUS
Deactivation of SSID broadcast
Implementation of MAC filtering

A

Deactivation of SSID broadcast

51
Q

When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?

MD5
AES
WEP
DES

A

AES

52
Q

A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot.

The person is attempting which of the following types of attacks?

Warchalking
Packet sniffing
Jamming
Near field communication

A

Warchalking

53
Q

A security engineer is configuring a wireless network with EAP-TLS. Which of the following activities is a requirement for this configuration?

Configuring federation between authentication servers
Setting up a TACACS+ server
Deploying certificates to endpoint devices
Enabling TOTP

A

Deploying certificates to endpoint devices

54
Q

Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?

Rogue tethering
Warchalking
Bluejacking
Bluesnarfing

A

Bluejacking

55
Q

A system administrator wants to provide for and enforce wireless access accountability during events where external speakers are invited to make presentations to a mixed audience of employees and non-employees.

Which of the following should the administrator implement?

Preshared passwords
Sponsored guest
Shared accounts
Least privilege

A

Sponsored guest

56
Q

An attack that is using interference as its main attack to impede network traffic is which of the following?

Using a similar wireless configuration of a nearby network
Utilizing a previously unknown security flaw against the target
Introducing too much data to a target's memory allocation
Inundating a target system with SYN requests

A

Using a similar wireless configuration of a nearby network

57
Q

A security administrator wants to configure a company’s wireless network in a way that will prevent wireless clients from broadcasting the company’s SSID.

Which of the following should be configured on the company’s access points?

Enable ESSID broadcast
Enable protected management frames
Disable MAC authentication
Disable SSID broadcast
Disable WPS
Enable wireless encryption

A

Disable SSID broadcast

58
Q

A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFi-enabled baby monitor while the baby’s parents were sleeping.

Which of the following BEST describes how the intruder accessed the monitor?

Social engineering
Outdated antivirus
WiFi signal strength
Default configuration

A

Default configuration

59
Q

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and that it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence.

Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

The thermostat is using the incorrect encryption algorithm
The company’s DHCP server scope is full
The WPA2 shared key is incorrect
The company implements a captive portal

A

The WPA2 shared key is incorrect

60
Q

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company.

Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?

Pre-shared key
Wi-Fi Protected setup
Enterprise
Captive portal

A

Captive portal