Technologies and Tools (5)

Question 1

You work for a large bank. The bank is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the best solution to this problem?

IDS

DLP

Content filtering

Answer 1

DLP

Data loss prevention (DLP) is a broad term encapsulating a family of technologies and policies designed to prevent data from being lost. Limiting the use of unapproved USB devices is one example of DLP

Question 2

Francine is concerned about employees in her company jailbreaking their COPE devices. What would be the most critical security concern for jailbroken devices?

They would no longer get security patches.

It would disable FDE.

Unauthorized applications could be installed.

Answer 2

Unauthorized applications could be installed.

When a device is jailbroken—particularly an iOS device—the device owner can then install any application they wish onto the device. This can lead to unauthorized, and potentially malicious, applications being installed

Question 3

You are responsible for mobile device security in your company. Employees have COPE devices. Many employees only enter the office infrequently, and you are concerned that their devices are not receiving firmware updates on time. What is the best solution for this problem?

Scheduled office visits for updates

OTA updates

Moving from COPE to BYOD

Answer 3

OTA updates

Over-the-air (OTA) updates are accomplished wirelessly. This can be done over a cellular network, wherever the device is. Using OTA updates for the mobile devices is the most efficient solution

Question 4

Frank is looking for a remote authentication and access protocol. It must be one that uses UDP due to firewall rules. Which of the following would be the best choice?

RADIUS

Diameter

TACACS +

Answer 4

RADIUS

Remote Authentication Dial-In User Service (RADIUS) is an older authentication and access control protocol, but it uses UDP. The other options mentioned do not use UDP

Question 5

You have discovered that one of the employees at your company tethers her smartphone to her work PC to bypass the corporate web security and access prohibited websites while connected to the LAN. What would be the best way to prevent this?

Disable wireless access.

Implement a WAF.

Implement a policy against tethering.

Answer 5

Implement a policy against tethering.

Employees using tethering can be a significant security issue. However, none of the technological solutions listed would solve it. Therefore, implementing (and enforcing) a clear policy against tethering is the only viable option

Question 6

You work for a large bank. One of your responsibilities is to ensure that web banking logins are as secure as possible. You are concerned that a customer’s account login could be compromised and someone else would use that login to access the customer’s account. What is the best way to mitigate this threat?

Use SMS authentication for any logins from an unknown location or computer.

Require strong passwords.

Do not allow customers to log on from any place other than their home computer.

Answer 6

Use SMS authentication for any logins from an unknown location or computer.

Many banks already implement a policy of sending a customer an SMS message with an authentication code anytime someone tries to log into the bank website from an unknown location. This provides a second communications channel for authenticating the customer

Question 7

You have discovered that some employees in your company have installed custom firmware on their portable devices. What security flaw would this most likely lead to?

Unauthorized software can run on the device.

The device may not connect to the network.

The device will overheat.

Answer 7

Unauthorized software can run on the device.

Although many things can occur from running custom firmware on a device, the most likely issue is that unauthorized software can be installed. This software could be malicious software

Question 8

You are configuring BYOD access for your company. You want the absolute most robust security for the BYOD on your network. What would be the best solution?

Agentless NAC

Agent NAC

Digital certificate authentication

Answer 8

Agent NAC

Network Access Control (NAC) allows the network to enforce a level of host health checks on devices before allowing it to connect. With agent NAC, a software agent is installed on any device that wishes to connect to the network. That agent can do a much more thorough systems health check of the BYOD

Question 9

You work for a large law firm and are responsible for network security. It is common for guests to come to the law firm (clients, expert witnesses, etc.) who need to connect to the firm’s WiFi. You wish to ensure that you provide the maximum security when these guests connect with their own devices, but you also wish to provide assurance to the guest that you will have minimal impact on their device. What is the best solution?

Permanent NAC agent

Agentless NAC

Dissolvable NAC agent

Answer 9

Dissolvable NAC agent

Network Access Control (NAC) performs a systems health check on devise and validates that the device meets minimum security standards before allowing it to connect. An agent-based NAC is more thorough in scanning the device. However, that leaves an agent on the visitor’s device. A dissolvable agent will delete after a period of time

Question 10

Tom is concerned about how his company can best respond to breaches. He is interested in finding a way to identify files that have been changed during the breach. What would be the best solution for him to implement?

NAC

File integrity checker

Vulnerability scanner

Answer 10

File integrity checker

File integrity checkers work by storing hashes of various files. At any time, the administrator can use the file integrity checker to compare the stored hash to the hash of the “live” file on the network. This will detect whether any changes have been made to the file

Question 11

Mary works for a large insurance company and is responsible for cybersecurity. She is concerned about insiders and wants to detect malicious activity on the part of insiders. But she wants her detection process to be invisible to the attacker. What technology best fits these needs?

Hybrid NIDS

Out-of-band NIDS

NIPS

Answer 11

Out-of-band NIDS

An out-of-band network intrusion detection system (NIDS) places the management portion on a different network segment, making detection of the NIDS more difficult

Question 12

Denish is responsible for security at a large financial services company. The company frequently uses SSL/TLS for connecting to external resources. He has concerns that an insider might exfiltrate data using an SSL/TLS tunnel. What would be the best solution to this issue?

NIPS

SSL decryptor

SSL accelerator

Answer 12

SSL decryptor

An SSL decryptor is used to decrypt SSL/TLS transmission. The decryptor must have the appropriate encryption keys and certificate to accomplish this. It is a good way for a company to monitor outbound SSL/TLS traffic. The traffic is first decrypted before the network gateway, and then re-encrypted to leave the network. This allows outbound traffic to be analyzed

Question 13

You want to allow a media gateway to be accessible through your firewall. What ports should you open? (Choose two.)

2427

1707

2227

1727

Answer 13

2427

2227

One for the gateway and one for the call agent. From the call agent to the gateway is using UDP port 2427, and if it’s from the gateway to the call agent, it uses UDP port 2727

Question 14

Dennis is implementing wireless security throughout his network. He is using WPA2. However, there are some older machines that cannot connect to WPA2—they only support WEP. At least for now, he must keep these machines. What is the best solution for this problem?

Put those machines on a different VLAN.

Deny wireless capability for those machines.

Put those machines on a separate wireless network with separate WAP.

Answer 14

Put those machines on a separate wireless network with separate WAP.

When you must support machines that cannot connect to newer, more secure WiFi protocols, then put those machines on a separate WiFi network. That won’t prevent them from being breached, but it will prevent that breach from exposing your entire network

Question 15

You are a security administrator for Acme Company. Employees in your company routinely upload and download files. You are looking for a method that allows users to remotely upload or download files in a secure manner. The solution must also support more advanced file operations such as creating directories, deleting files, and so forth. What is the best solution for this?

SFTP

SSH

SCP

Answer 15

SFTP

Secure File Transfer Protocol (SFTP) is a protocol based on Secure Shell, and it provides directory listing, remote file deletion, and other file management abilities. It is also secure

Question 16

Your company allows BYOD on the network. You are concerned about the risk of malicious apps being introduced to your network. Which of the following policies would be most helpful in mitigating that risk?

Prohibiting apps from third-party stores

Application blacklisting

Antimalware scanning

Answer 16

Prohibiting apps from third-party stores

Third-party app stores are stores run by someone other than the vendor. They don’t have restrictions on what apps can be placed in them. This can lead to malicious apps being in the store. By only using vendor stores (iTunes, Google Play, etc.), you can be assured that the apps have been scanned for malware

Question 17

John is the CISO for a small company. The company has password policies, but John is not sure the policies are adequate. He is concerned that someone might be able to “crack” company passwords. What is the best way for John to determine whether his passwords are vulnerable?

Run a good vulnerability scan.

Perform a password policy audit.

Use one or more password crackers himself.

Answer 17

Use one or more password crackers himself.

The best way to see if passwords are crackable is to attempt to crack them. This is done by using one or more well-known and reliable password crackers. If you are able to crack your passwords, that demonstrates they are not adequate

Question 18

You are scanning your network using a packet sniffer. You are seeing traffic on ports 25 and 110. What security flaw would you most likely notice on these ports?

Website vulnerabilities

Unencrypted credentials

Misconfigured FTP

Answer 18

Unencrypted credentials

Port 25 is for Simple Mail Transfer Protocol (SMTP), which is used to send email. Port 110 is for Post Office Protocol (POP) version 3, which is used to receive email. These two ports are used for the unencrypted versions of these email protocols. So if these are being used, then you will see unencrypted email credentials. The username and password will be sent in clear text

Question 19

Abigail is a network administrator with ACME Company. She believes that a network breach has occurred in the data center as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should she search for in the logs to confirm if such a breach occurred?

Traffic on port 23

Traffic on port 22

Unencrypted credentials

Answer 19

Traffic on port 22

Secure Shell (SSH) uses port 22. If there was a breach that allowed external access to the SSH server, there will be traffic on port 22

Question 20

Gianna is evaluating the security of her company. The company has a number of mobile apps that were developed in house for use on COPE devices. She wants to ensure that these apps are updated as soon as an update is available. What should she ensure is being used?

Firmware OTA

Push notifications

Scheduled updates

Answer 20

Push notifications

Push notifications are used to send out updates when they are ready. With push notifications, you do not wait for the user to check for an update; the update is sent as soon as it is ready

Question 21

Liam is concerned about the security of both COPE and BYOD devices. His company uses a lot of Android-based devices, and he is concerned about users getting administrative access and altering security features. What should he prohibit in his company?

Jailbreaking

Custom firmware

Rooting

Answer 21

Rooting

Rooting is a process that allows you to attain root access to the Android operating system code. Rooting allows the user to do virtually anything, including modify the software code on the device or install other software that normally would be blocked

Question 22

Heidi works for a large company that issues various mobile devices (tablets and phones) to employees. She is concerned about unauthorized access to mobile devices. Which of the following would be the best way to mitigate that concern?

Biometrics

Screen lock

Context-aware authentication

Answer 22

Biometrics

Biometrics, type III authentication, are very robust. Biometrics are based on a biological part of the authorized user, so they are very difficult to fake and impossible for the user to lose

Question 23

You are looking for a point-to-point connection method that would allow two devices to synchronize data. The solution you pick should not be affected by EMI (electromagnetic interference) and should be usable over distances exceeding 10 meters, provided there is a line-of-sight connection. What would be the best solution?

Bluetooth

WiFi

Infrared

Answer 23

Infrared

Infrared uses a wavelength of light that is not visible to humans. Since it is light, it is not susceptible to EMI. It can be used over most distances, provided there is a line of sight. The disadvantage is that any break in the line of sight breaks communication

Question 24

Ethan has noticed some users on his network accessing inappropriate videos. His network uses a proxy server that has content filtering with blacklisting. What is the most likely cause of this issue?

Sites not on the blacklist

Misconfigured content filtering

Someone circumventing the proxy server

Answer 24

Sites not on the blacklist

Blacklisting blocks any sites or content specifically on the blacklist. However, it is impossible to list every inappropriate site on the Internet, so some are not going to be listed and thus are accessible

Question 25

You are looking for tools to assist in penetration testing your network. Which of the following best describes Metasploit?

Hacking tool

Vulnerability scanner

Exploit framework

Answer 25

Exploit framework

Metasploit is a widely used exploit framework. It provides a complete suite of tools that allow you to scan targets, locate vulnerabilities, and then attempt to exploit those vulnerabilities

Question 26

Logan is responsible for enforcing security policies in his company. There are a number of policies regarding the proper configuration of public-facing servers. Which of the following would be the best way for Logan to check to see if such policies are being enforced?

Periodically audit selected servers.

Implement a configuration compliance scanning solution.

Conduct routine penetration tests of those servers.

Answer 26

Implement a configuration compliance scanning solution.

Configuration compliance scanning solutions take the configuration settings that the administrator provides and scans targeted devices and computers to see whether they comply. This is an effective method for checking compliance