Technologies and Tools (2) Flashcards

1
Q

You are concerned about an attacker enumerating all of your network. What protocol might help at least mitigate this issue?

HTTPS

IPSec

LDAPS

A

LDAPS

Lightweight Directory Access Protocol Secure (LDAPS) would at least mitigate the risk. LDAP is a directory of the network (computers, users, etc.). Securing that would help mitigate network enumeration

2
Q

You have been asked to implement a secure protocol for transferring files that uses digital certificates. Which protocol would be the best choice?

FTP

SFTP

FTPS

A

FTPS

FTPS is File Transfer Protocol with SSL/TLS and uses digital certificates to secure file transfer

3
Q

Ahmed is responsible for VoIP at his company. He has been directed to ensure that all VoIP calls have the option to be encrypted. What protocol is best suited for securing VoIP calls?

SIP

TLS

SRTP

A

SRTP

Secure Real-Time Transport Protocol (SRTP) is used to encrypt and secure RTP. RTP is the protocol for transmitting VoIP

4
Q

What is the purpose of screen locks on mobile devices?

To encrypt the device

To limit access to the device

To load a specific user’s apps

A

To limit access to the device

A screen lock limits access to users who know the code

5
Q

Maria is a security engineer with a large bank. Her CIO has asked her to investigate the use of context-aware authentication for online banking. Which of the following best describes context-aware authentication?

In addition to username and password, authentication is based on the entire context (location, time of day, action being attempted, etc.).

Without a username or password, authentication is based on the entire context (location, time of day, action being attempted, etc.).

Authentication that requires a username and password, but in the context of a token or digital certificate

A

In addition to username and password, authentication is based on the entire context (location, time of day, action being attempted, etc.).

Context-aware authentication does still require a username and password, but in addition to those criteria, it examines the user’s location, time of day they are logging in, computer they are logging in from, what they are trying to do, and so forth

6
Q

What does application management accomplish for mobile devices?

Only allows applications from the iTunes store to be installed

Ensures the company has a list of all applications on the devices

Ensures only approved applications are installed on the devices

A

Ensures only approved applications are installed on the devices

Application management is primarily concerned with ensuring only authorized and approved applications are installed on mobile devices

7
Q

Dominick is responsible for security at a medium-sized insurance company. He is very concerned about detecting intrusions. The IDS he has purchased states that he must have an IDS on each network segment. What type of IDS is this?

IPS

Passive

Inline

A

Inline

An inline IDS is actually in the traffic line (i.e., on the network segment where traffic is)

8
Q

Remote employees at your company frequently need to connect to both the secure company network via VPN and open public websites, simultaneously. What technology would best support this?

Split tunnel

IPSec

Full tunnel

A

Split tunnel

Split tunneling allows a mobile user to access dissimilar security domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time

9
Q

Denish is looking for a solution that will allow his network to retrieve information from a wide range of web resources, while all traffic passes through a proxy. What would be the best solution?

Forward proxy

Reverse proxy

SPI

A

Forward proxy

A forward proxy is a single location that provides access to a wide range of web sources

10
Q

Someone has been rummaging through your company’s trash bins seeking to find documents, diagrams, or other sensitive information that has been thrown out. What is this called?

Dumpster diving

Trash diving

Social engineering

A

Dumpster diving

This is the term for rummaging through the waste/trash

11
Q

Derrick is responsible for a web server cluster at his company. The cluster uses various load-balancing protocols. Derrick wants to ensure that clients connecting from Europe are directed to a specific server in the cluster. What would be the best solution to his problem?

Affinity

Binding

Load balancing

A

Affinity

Affinity load balancing ties certain users or groups of users to a specific server so they will be routed to that server if possible

12
Q

Teresa is responsible for WiFi security in her company. Her main concern is that there are many other offices in the building her company occupies and that someone could easily attempt to breach their WiFi from one of these locations. What technique would be best in alleviating her concern?

Using thin WAPs

Geofencing

WAP placement

A

WAP placement

Placing the WAPs carefully so as to provide the best coverage for the company, with minimum overlap outside the company, will be the best way to keep those in adjacent offices from attempting to breach the WiFi. When placing WAPs for the best coverage, one needs to focus on signal strength to ensure there are no gaps between WAPs.

13
Q

Juan is responsible for the SIEM in his company. The SIEM aggregates logs from 12 servers. In the event that a breach is discovered, which of the following would be Juan’s most important concern?

Event duplication

Impact assessment

Correlation

A

Correlation

Correlating the events from the servers related to the breach would be the most important issue to address for the SIEM manager

14
Q

When you are considering an NIDS or NIPS, what are your two most important concerns?

Cost and false positives

False positives and false negatives

Power consumption and cost

A

False positives and false negatives

The total number of erroneous reports (i.e., false positives and false negatives) is the biggest concern because this determines effectiveness of the system

15
Q

Shelly is very concerned about unauthorized users connecting to the company routers. She would like to prevent spoofing. What is the most essential antispoofing technique for routers?

ACL

Logon

NIPS

A

ACL

Access control lists are Cisco’s primary recommendation to prevent spoofing on routers. ACLs limit access to the router and its functionality

16
Q

Farès has implemented a flood guard. What type of attack is this most likely to defend against?

SYN attack

DNS poisoning

MAC spoofing

A

SYN attack

A SYN attack is a type of flooding attack that is a denial of service. Flood guards are either stand-alone or, more often, part of a firewall, and they prevent flooding attacks

17
Q

Terrance is trying to get all of his users to connect to a certificate server on his network. However, some of the users are using machines that are incompatible with the certificate server, and changing those machines is not an option. Which of the following would be the best solution for Terrance?

Use an application proxy for the certificate server.

Use NAT with the certificate server.

Change the server.

A

Use an application proxy for the certificate server.

An application proxy server is often used when the client and the server are incompatible for a direct connection.

18
Q

John is implementing virtual IP load-balancing. He thinks this might alleviate network slowdowns, and perhaps even mitigate some of the impact of a denial-of-service attack. What is the drawback of virtual IP load-balancing?

It is resource-intensive.

Most servers don’t support it.

It is connection-based, not load-based.

A

It is connection-based, not load-based.

Virtual IP load balancing does not take the load of each interface into account and assumes all loads are essentially similar

19
Q

There has been a breach of the ACME network. John manages the SIEM at ACME. Part of the attack disrupted NTP; what SIEM issue would this most likely impact?

Time synchronization

Correlation

Event duplication

A

Time synchronization

If Network Time Protocol (NTP) is disrupted, then the various servers that forward logs to the SIEM might not have the same time. This could lead to events that actually took place at the same time appearing to have occurred at different times

20
Q

You are a security officer for a large law firm. You are concerned about data loss prevention. You have limited the use of USBs and other portable media, you use an IDS to look for large volumes of outbound data, and a guard searches all personnel and bags before they leave the building. What is a key step in DLP that you have missed?

Portable drives

Email

Bluetooth

A

Email

An insider could send out data as an email attachment

21
Q

Which of the following email security measures would have the most impact on phishing emails?

Email encryption

Digitally signing email

Spam filter

A

Spam filter

Phishing emails are often sent out to masses of people and a spam filter would block at least some of that, thus reducing the phishing email attacks

22
Q

Joanne has implemented TLS for communication with many of her network servers. She wants to ensure that the traffic cannot be sniffed. However, users now complain that this is slowing down connectivity. Which of the following is the best solution?

Increase RAM on servers.

Change routers to give more bandwidth to traffic to these servers.

Implement TLS accelerators.

A

Implement TLS accelerators.

A TLS accelerator is a processor that offloads TLS processing, specifically the processor-intensive public-key encryption used by Transport Layer Security (TLS). This should significantly improve server responsiveness.

23
Q

Olivia has discovered steganography tools on an employee’s computer. What is the greatest concern regarding employees having steganography tools?

Password cracking

Data exfiltration

Hiding network traffic

A

Data exfiltration

An employee could hide sensitive data in files using steganography and then exfiltrate that data

24
Q

John has discovered that an attacker is trying to get network passwords by using software that attempts a number of passwords from a list of common passwords. What type of attack is this?

Dictionary

Rainbow table

Brute force

A

Dictionary

This is an example of a dictionary attack. The attacker uses a list of words that are believed to be likely passwords

25
Q

Isabella has found netcat installed on an employee’s computer. That employee is not authorized to have netcat. What security concern might this utility present?

It is a password cracker.

It is a packet sniffer.

It is a network communication utility.

A

It is a network communication utility.

Netcat is a tool widely used by network administrators to establish communication between two machines. Having netcat on a machine could indicate an intruder has compromised that machine and installed netcat as a backdoor, or that the employee is setting up covert communication channels

26
Q

Omar is a network administrator for ACME Company. He is responsible for the certificate authorities within the corporate network. The CAs publish their CRLs once per week. What, if any, security issue might this present?

Revoked certificates still being used

Invalid certificates being issued

Certificates with weak keys

A

Revoked certificates still being used

The certificate revocation list designates certificates that have been revoked for some reason. Those certificates should no longer be used. But if the CRL is published only once per week, then a revoked certificate could potentially be used for up to a week after being revoked

27
Q

Hans is a network administrator for a large bank. He is concerned about employees violating software licenses. What would be the first step in addressing this issue?

Performing software audits

Scanning the network for installed applications

Establishing clear policies

A

Establishing clear policies

A clear security policy must be created that explains software licensing and the company processes for software licensing. Without clear policies, any other countermeasures will be less effective

28
Q

You are responsible for authentication methods at your company. You have implemented fingerprint scanners to enter server rooms. Frequently people are being denied access to the server room, even though they are authorized. What problem is this?

FAR

FRR

CER

A

FRR

The false rejection rate (FRR) is the rate at which authentication attempts are rejected when they should have succeeded. When you are getting a high number of authorized individuals being denied access, that is due to an FRR that is too high

29
Q

John is responsible for network security at a very small company. Due to both budget constraints and space constraints, John can select only one security device. What should he select?

Antivirus

IDS

UTM

A

UTM

Unified threat management (UTM) combines multiple security services into one device. It is common for a UTM to have firewall, antivirus, and IDS services all in one device