Security+ Questions, Ch 6 Flashcards

1
Q

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it.

Which of the following should be done to prevent this scenario from occurring again in the future?

Install host-based firewalls on all computers that have an email client installed

Set the email program default to open messages in plain text

Install end-point protection on all computers that access web email

Create new email spam filters to delete all messages from that sender

A

Install end-point protection on all computers that access web email

2
Q

Malicious traffic from an internal network has been detected on an unauthorized port on an application server.

Which of the following network-based security controls should the engineer consider implementing?

ACLs
HIPS
NAT
MAC filtering

A

ACLs

3
Q

An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?

False negative
True negative
False positive
True positive

A

False positive

4
Q

A security administrator needs an external vendor to correct an urgent issue with an organization’s physical access control system (PACS). The PACS does not currently have internet access because it is running a legacy operating system. Which of the following methods should the security administrator select that BEST balances security and efficiency?

Temporarily permit outbound internet access for the PACS so desktop sharing can be set up
Have the external vendor come onsite and provide access to the PACS directly
Set up a VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
Set up a web conference on the administrator’s PC; then remotely connect to the PACS

A

Set up a VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

5
Q

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following actions will help detect attacker attempts to further alter log files?

Enable verbose system logging
Change the permissions on the user’s home directory
Implement remote syslog
Set the bash_history log file to “read only”

A

Implement remote syslog

6
Q

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network.

Which of the following steps should be completed to BEST resolve the issue?

The firewall should be configured to prevent user traffic from matching the implicit deny rule.
The firewall should be configured with access lists to allow inbound and outbound traffic.
The firewall should be configured with port security to allow traffic.
The firewall should be configured to include an explicit deny rule.

A

The firewall should be configured to prevent user traffic from matching the implicit deny rule.

7
Q

A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible.

Which of the following is the BEST way to accomplish this?

Put the desktops in the DMZ
Create a separate VLAN for the desktops
Air gap the desktops
Join the desktops to an ad-hoc network

A

Air gap the desktops

8
Q

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:

Passive reconnaissance
Persistence
Escalation of privileges
Exploiting the switch

A

Exploiting the switch

9
Q

Joe, a technician, is working remotely with his company provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop.

Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

Full-disk encryption
Host-based firewall
Current antivirus definitions
Latest OS updates

A

Host-based firewall

10
Q

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers while also minimizing the impact on their functionality?

Isolating the systems using VLANs
Installing a software-based IPS on all devices
Enabling full disk encryption
Implementing a unique user PIN to access functions

A

Isolating the systems using VLANs

11
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication.

Which of the following should the engineer implement if the design requires client MAC addresses to be visible across the tunnel?

Tunnel mode IPSec
Transport mode VPN IPSec
L2TP
SSL VPN

A

SSL VPN

12
Q

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net).

Which of the following rules is preventing the CSO from accessing the site?

Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Rule 1: deny from inside to outside source any destination any service smtp
Rule 2: deny from inside to outside source any destination any service ping
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Rule 4: deny from any to any source any destination any service any

A

Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

13
Q

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage.

Which of the following technology controls should the company implement?

NAC
Web proxy
DLP
ACL

A

Web proxy

14
Q

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers’ names and credit card numbers with the PIN.

Which of the following is the BEST technical control to help mitigate this risk of disclosing sensitive data?

Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted
Create a user training program to identify the correct use of email and perform regular audits to ensure compliance
Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
Classify all data according to its sensitivity and inform the users of data that is prohibited to share

A

Implement a DLP solution on the email gateway to scan email and remove sensitive data or files
