test 1 Flashcards
Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
A. AES
B. 3DES
C. RSA
D. MD5
D. MD5
A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Select three.)
A. S/MIME
B. SSH
C. SNMPv3
D. FTPS
E. SRTP
F. HTTPS
G. LDAPS
B. SSH
D. FTPS
F. HTTPS
Which of the following network vulnerability scan indicators BEST validates a successful, active scan?
A. The scan job is scheduled to run during off-peak hours.
B. The scan output lists SQL injection attack vectors.
C. The scan data identifies the use of privileged-user credentials.
D. The scan results identify the hostname and IP address.
I do not think it is D, since the host name and IP can be found using passive methods; they are not usually hidden. It is not A: it does not matter when the job is scheduled, and that does not indicate a successful scan. It is not C: why would a vulnerability scan indicate the use of a privileged user? Unless I do not understand what that means. So it must be B, since it is identifying an attack vector.
Joe, an employee, wants to show his colleagues how much he knows about smartphones. Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe’s colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two.)
A. Near-field communication.
B. Rooting/jailbreaking
C. Ad-hoc connections
D. Tethering
E. Sideloading
E. Sideloading
B. Rooting/jailbreaking
Multiple organizations operating in the same vertical want to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices?
A. Shibboleth
B. RADIUS federation
C. SAML
D. OAuth
E. OpenID connect
B. RADIUS federation
Which of the following types of keys is found in a key escrow?
A. Public
B. Private
C. Shared
D. Session
B. Private
Key escrow is the practice of placing a copy of a confidential secret key or private key in the care of a trusted third party, to be released only when certain conditions are fulfilled (for example a court order or a lost-key recovery request).
When performing data acquisition on a workstation, which of the following should be captured based on memory volatility? (Select two.)
A. USB-attached hard disk
B. Swap/pagefile
C. Mounted network storage
D. ROM
E. RAM
B. Swap/pagefile
E. RAM
A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?
A. Vulnerability scanning
B. Penetration testing
C. Application fuzzing
D. User permission auditing
A. Vulnerability scanning
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
A. Botnet
B. Ransomware
C. Polymorphic malware
D. Armored virus
A. Botnet
A botnet has hit a popular website with a massive number of GRE-encapsulated packets to perform a DDoS attack. News outlets discover a certain type of refrigerator was exploited and used to send outbound packets to the website that crashed. To which of the following categories does the refrigerator belong?
A. SoC
B. ICS
C. IoT
D. MFD
C. IoT
An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organization's ERP system to determine how the accounts payable module has been used to make these vendor payments. The IT security department finds the following security configuration for the accounts payable module:
✑ New Vendor Entry: Required Role: Accounts Payable Clerk
✑ New Vendor Approval: Required Role: Accounts Payable Clerk
✑ Vendor Payment Entry: Required Role: Accounts Payable Clerk
✑ Vendor Payment Approval: Required Role: Accounts Payable Manager
Which of the following changes to the security configuration of the accounts payable module would BEST mitigate the risk?
A
A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a supplicant. Which of the following represents the authentication architecture in use?
A. Open systems authentication
B. Captive portal
C. RADIUS federation
D. 802.1x
D. 802.1x
A security analyst is diagnosing an incident in which a system was compromised from an external IP address. The socket identified on the firewall was traced to 207.46.130.0:6666. Which of the following should the security analyst do to determine if the compromised system still has an active connection?
A. tracert
B. netstat
C. ping
D. nslookup
B. netstat
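As an added example (not part of the original flashcards), the check the analyst would actually run is `netstat -an` (or `ss -tnp` on Linux) and look for the remote socket in an ESTABLISHED state. The code below parses netstat-style output and reports only live connections to a given remote socket; the two output samples are constructed for the example and are not real captures, and the 207.46.130.0:6666 socket is the one from the question.

```python
"""Parse netstat-style output and find live connections to a remote socket.

Both samples below are CONSTRUCTED for this example. Windows netstat prints
'Proto Local Foreign State'; Linux netstat prints 'Proto Recv-Q Send-Q Local
Foreign State', so the parser handles both layouts.
"""

SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.25:49812        207.46.130.0:6666      ESTABLISHED
  TCP    10.0.0.25:49813        93.184.216.34:443      TIME_WAIT
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    10.0.0.25:137          *:*
"""

SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.25:49814         207.46.130.0:6666       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def parse_netstat(output):
    """Return a list of (proto, local, foreign, state) tuples.

    Header and blank lines are skipped; only rows starting with tcp/udp
    (including tcp6/udp6) are considered.
    """
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or not parts[0].lower().startswith(("tcp", "udp")):
            continue
        if len(parts) >= 5 and parts[1].isdigit() and parts[2].isdigit():
            # Linux layout: Proto Recv-Q Send-Q Local Foreign [State]
            local, foreign = parts[3], parts[4]
            state = parts[5] if len(parts) > 5 else ""
        else:
            # Windows layout: Proto Local Foreign [State]
            local, foreign = parts[1], parts[2]
            state = parts[3] if len(parts) > 3 else ""
        rows.append((parts[0].upper(), local, foreign, state))
    return rows


def active_connections(output, remote_socket):
    """Rows whose foreign address is remote_socket and that are ESTABLISHED.

    TIME_WAIT / CLOSE_WAIT rows are leftovers of a closed session, not a
    live channel, so they are deliberately excluded.
    """
    return [row for row in parse_netstat(output)
            if row[2] == remote_socket and row[3] == "ESTABLISHED"]


if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_LINUX):
        for proto, local, foreign, state in active_connections(sample, "207.46.130.0:6666"):
            print(f"{proto} {local} -> {foreign} {state}")
```

On a live host, run the tool with `-n` so the remote address is not resolved (a DNS lookup of the attacker's IP is both slow and a tell-tale); a second run a minute later shows whether the session persists or is being re-established.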
An application team is performing a load-balancing test for a critical application during off-hours and has requested access to the load balancer to review which servers are up without having the administrator on call. The security analyst is hesitant to give the application team full access due to other critical applications running on the load balancer. Which of the following is the BEST solution for the security analyst to process the request?
A. Give the application team administrator access during off-hours.
B. Disable other critical applications before granting the team access.
C. Give the application team read-only access.
D. Share the account with the application team.
C. Give the application team read-only access.
When identifying a company’s most valuable assets as part of a BIA, which of the following should be the FIRST priority?
A. Life
B. Intellectual property
C. Sensitive data
D. Public reputation
A. Life
An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:
A. Something you have.
B. Something you know.
C. Something you do.
D. Something you are.
A. Something you have.
A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee?
A. Obtain a list of passwords used by the employee.
B. Generate a report on outstanding projects the employee handled.
C. Have the employee surrender company identification.
D. Have the employee sign an NDA before departing.
C. Have the employee surrender company identification.
When configuring settings in a mandatory access control environment, which of the following specifies the subjects that can access specific data objects?
A. Owner
B. System
C. Administrator
D. User
With mandatory access control, the security policy is centrally controlled by a security policy administrator; users (and even data owners) do not have the ability to override the policy.
C. Administrator
After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below:
Based on the above information, which of the following types of malware was installed on the user’s computer?
A. RAT
B. Keylogger
C. Spyware
D. Worm
E. Bot
A.RAT
You don’t even need to look at the output to know that this is a Remote Access Trojan. Look for the key words: “suspicious file” and “freeware software package” is the definition of a RAT. Reference: https://blogs.getcertifiedgetahead.com/can-you-identify-common-malware-names/#question Darril Gibson explains in more detail.
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?
A. WPS
B. 802.1x
C. WPA2-PSK
D. TKIP
A. WPS
A security consultant discovers that an organization is using the PCL protocol to print documents, utilizing the default driver and print settings. Which of the following is the MOST likely risk in this situation?
A. An attacker can access and change the printer configuration.
B. SNMP data leaving the printer will not be properly encrypted.
C. An MITM attack can reveal sensitive information.
D. An attacker can easily inject malicious code into the printer firmware.
E. Attackers can use the PCL protocol to bypass the firewall of client computers.
B. SNMP data leaving the printer will not be properly encrypted.
Users report the following message appears when browsing to the company’s secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Select two.)
A. Verify the certificate has not expired on the server.
B. Ensure the certificate has a .pfx extension on the server.
C. Update the root certificate into the client computer certificate store.
D. Install the updated private key on the web server.
E. Have users clear their browsing history and relaunch the session.
A. Verify the certificate has not expired on the server.
C. Update the root certificate into the client computer certificate store.
Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?
A. Roll back changes in the test environment
B. Verify the hashes of files
C. Archive and compress the files
D. Update the secure baseline
B. Verify the hashes of files
An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation
A. Certificate pinning
Certificate pinning was created to protect against a rogue or compromised CA: the client accepts only a certificate (or public key) that matches a value it already knows, so a certificate that chains correctly to a trusted root but does not match the pin is rejected. This also defeats interception when a malicious root certificate has been installed on the device. The caveat is operational: pins must be rotated before the pinned key changes, or clients lock themselves out of the legitimate site.
A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement?
A. DMZ
B. NAT
C. VPN
D. PAT
C. VPN
An organization is using a tool to perform a source code review. Which of the following describes the case in which the tool incorrectly identifies the vulnerability?
A. False negative
B. True negative
C. False positive
D. True positive
C. False positive
A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements:
✑ All access must be correlated to a user account.
✑ All user accounts must be assigned to a single individual.
✑ User access to the PHI data must be recorded.
✑ Anomalies in PHI data access must be reported.
✑ Logs and records cannot be deleted or modified.
Which of the following should the administrator implement to meet the above requirements? (Select three.)
A. Eliminate shared accounts.
B. Create a standard naming convention for accounts.
C. Implement usage auditing and review.
D. Enable account lockout thresholds.
E. Copy logs in real time to a secured WORM drive.
F. Implement time-of-day restrictions.
G. Perform regular permission audits and reviews.
A. Eliminate shared accounts.
C. Implement usage auditing and review.
G. Perform regular permission audits and reviews.
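The last requirement (logs cannot be deleted or modified) is the one that is hard to meet with account hygiene alone. As an added example that is not part of the original flashcards, the code below keeps PHI access records in a hash chain, so that modifying, removing or reordering any entry is detectable on verification, and adds a simple per-user read count for the anomaly requirement. The records, user names and threshold are constructed for the example.

```python
"""Tamper-evident PHI access log (hash chain) with a simple anomaly check.

Each entry's hash covers the previous hash plus the canonical JSON of its
record, so altering any earlier entry changes every hash after it.
All records below are CONSTRUCTED for this example.
"""
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64


def _entry_hash(prev_hash, record):
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_record(chain, user, action, object_id):
    """Append an access record for a single, named user (no shared accounts)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"seq": len(chain), "user": user, "action": action, "object": object_id}
    chain.append({"record": record, "hash": _entry_hash(prev, record)})
    return chain


def verify_chain(chain):
    """Return (ok, first_bad_seq).

    A modified record, a deleted entry (sequence gap) or a swapped pair all
    break the linkage at the first affected index.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        rec = entry["record"]
        if rec["seq"] != i or _entry_hash(prev, rec) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, None


def bulk_readers(chain, threshold):
    """Users whose number of 'read' records reaches the threshold."""
    counts = Counter(e["record"]["user"] for e in chain if e["record"]["action"] == "read")
    return {user: n for user, n in counts.items() if n >= threshold}


def build_sample():
    chain = []
    append_record(chain, "jdoe", "read", "patient/4471")
    append_record(chain, "jdoe", "read", "patient/4472")
    append_record(chain, "asmith", "update", "patient/4471")
    return chain


def tamper_demo():
    """Show the verifier catching an edited entry and a deleted entry."""
    chain = build_sample()
    modified = [dict(e, record=dict(e["record"])) for e in chain]
    modified[1]["record"]["user"] = "mallory"  # rewrite who did the access
    deleted = chain[:1] + chain[2:]            # drop the second access
    return verify_chain(chain), verify_chain(modified), verify_chain(deleted)


if __name__ == "__main__":
    print(tamper_demo())
    print(bulk_readers(build_sample(), threshold=2))
```

A hash chain alone does not detect truncation of the tail (someone dropping the newest entries), which is why the latest hash, or the log itself, is copied to storage the log writer cannot alter, such as a WORM device or a separate log server, matching option E above.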
An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?
A. PEAP
B. EAP
C. WPA2
D. RADIUS
A. PEAP
EAP by itself is only an authentication framework.
PEAP (Protected Extensible Authentication Protocol) encapsulates the EAP exchange inside a TLS tunnel: the server is authenticated by its certificate and the tunnel is encrypted, so the inner authentication (commonly MS-CHAPv2) is not exposed. PEAP was created to correct a deficiency of plain EAP, which assumes the communications channel is already protected; when EAP messages travel in the clear, as they do over wireless, they do not get the protection the protocol was written to expect.
PEAP, EAP-TTLS and EAP-TLS all protect the inner EAP authentication within a TLS session.
An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?
A. Capture and document necessary information to assist in the response.
B. Request the user capture and provide a screenshot or recording of the symptoms.
C. Use a remote desktop client to collect and analyze the malware in real time.
D. Ask the user to back up files for later recovery.
A. Capture and document necessary information to assist in the response.
When connected to a secure WAP, which of the following encryption technologies is MOST likely to be configured when connecting to WPA2-PSK?
A. DES
B. AES
C. MD5
D. WEP
B. AES
An auditor is reviewing the following output from a password-cracking tool:
Which of the following methods did the auditor MOST likely use?
A. Hybrid
B. Dictionary
C. Brute force
D. Rainbow table
A. Hybrid
A hybrid password-cracking method combines several techniques, most commonly a dictionary attack with a little brute forcing of suffixes. It is common for users to use a dictionary word followed by a couple of digits or special characters. The passwords in the output above are perfect examples, and would be discovered by a hybrid attack.
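As an added illustration that is not part of the original flashcards, the code below runs a small hybrid attack: each dictionary word is tried in a few case variants, then with every combination of up to four trailing digits or symbols, and each candidate is hashed and compared against the target set. The wordlist and the target hashes are constructed for the example (the targets are produced in the block by hashing sample plaintexts, where a real audit would take them from a dumped password file); MD5 is used only because it is a common unsalted format in such dumps.

```python
"""Hybrid (dictionary + short brute-force suffix) password cracking demo.

Targets and wordlist are CONSTRUCTED for this example; the third target
('correcthorse') has no dictionary base and is meant to stay uncracked.
"""
import hashlib
import itertools
import string


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


TARGET_HASHES = {md5_hex("summer2019"), md5_hex("Welcome!!"), md5_hex("correcthorse")}
WORDLIST = ["password", "summer", "welcome", "admin"]


def hybrid_candidates(words, max_suffix=4, symbols="!@#$"):
    """Yield dictionary words with common mangling rules applied:
    three case variants, then 1..max_suffix trailing digits or symbols."""
    alphabet = string.digits + symbols
    for word in words:
        for base in {word, word.capitalize(), word.upper()}:
            yield base
            for n in range(1, max_suffix + 1):
                for tail in itertools.product(alphabet, repeat=n):
                    yield base + "".join(tail)


def hybrid_crack(target_hashes, words, **rules):
    """Return (found, remaining): found maps hash -> plaintext."""
    remaining = set(target_hashes)
    found = {}
    for candidate in hybrid_candidates(words, **rules):
        digest = md5_hex(candidate)
        if digest in remaining:
            found[digest] = candidate
            remaining.discard(digest)
            if not remaining:
                break
    return found, remaining


if __name__ == "__main__":
    found, remaining = hybrid_crack(TARGET_HASHES, WORDLIST)
    for digest, plaintext in found.items():
        print(f"{digest}  {plaintext}")
    print(f"{len(remaining)} hash(es) not recovered")
```

The search space here is only about half a million candidates per run, which is why word-plus-suffix passwords fall in well under a second even without GPU tooling; a password with no dictionary base, like the third target, is untouched by this rule set.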
Adhering to a layered security approach, a controlled access facility employs security guards who verify the authorization of all personnel entering the facility.
Which of the following terms BEST describes the security control being employed?
A. Administrative
B. Corrective
C. Deterrent
D. Compensating
A. Administrative
Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
A. Private
B. Hybrid
C. Public
D. Community
D. Community
Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?
A. Buffer overflow
B. MITM
C. XSS
D. SQLi
C. XSS
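As an added example that is not part of the original flashcards, the code below shows the vulnerable pattern behind this question, user input dropped straight into markup, next to the hardened form. Output encoding handles the element-body context; an `href` or `src` attribute also needs the URL scheme restricted, because escaping does nothing against `javascript:` URLs. The payload string and function names are constructed for the example.

```python
"""Reflected XSS: vulnerable rendering next to context-aware encoding.

PAYLOAD is a CONSTRUCTED attacker string for the demonstration.
"""
import html
from urllib.parse import urlsplit

PAYLOAD = "<iframe src='javascript:alert(document.cookie)'></iframe>"


def render_comment_unsafe(user_input):
    # Vulnerable: the browser parses attacker-controlled text as HTML.
    return f"<div class='comment'>{user_input}</div>"


def render_comment_safe(user_input):
    # Hardened: <, >, &, ' and " become entities, so the browser shows text.
    return f"<div class='comment'>{html.escape(user_input, quote=True)}</div>"


def safe_href(url):
    """Allow only http(s) URLs in link attributes; anything else becomes '#'.

    html.escape alone would pass 'javascript:alert(1)' through untouched,
    because it contains nothing that needs encoding.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return "#"
    return html.escape(url, quote=True)


def render_link(text, url):
    return f"<a href=\"{safe_href(url)}\">{html.escape(text, quote=True)}</a>"


if __name__ == "__main__":
    print(render_comment_unsafe(PAYLOAD))
    print(render_comment_safe(PAYLOAD))
    print(render_link("profile", "javascript:alert(1)"))
```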
Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?
A. The recipient can verify integrity of the software patch.
B. The recipient can verify the authenticity of the site used to download the patch.
C. The recipient can request future updates to the software using the published MD5 value.
D. The recipient can successfully activate the new software patch.
A. The recipient can verify integrity of the software patch.
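The two hashing questions on this page (a fixed-length, irreversible output; integrity verification of a download) come together in the following added example, which is not from the original flashcards. It streams a file's bytes through a hash in chunks, as one would for a large patch, compares the result to a published digest in constant time, and shows that a single flipped bit changes the whole value. The patch bytes are constructed for the example and the "published" digest is computed in the block to stand in for the value on a vendor's download page.

```python
"""Download integrity check with a published digest.

SAMPLE_PATCH and PUBLISHED_SHA256 are CONSTRUCTED for this example; in
practice the digest comes from the vendor's page and the bytes from the
downloaded file.
"""
import hashlib
import hmac


def digest_bytes(data, algorithm="sha256", chunk_size=1 << 16):
    """Hex digest of data, fed in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def verify_digest(data, published_hex, algorithm="sha256"):
    """Constant-time comparison of the computed digest with the published one."""
    actual = digest_bytes(data, algorithm)
    return hmac.compare_digest(actual.lower(), published_hex.strip().lower())


SAMPLE_PATCH = b"MZ\x90\x00" + b"patch payload v1.2.3 " * 4096  # constructed bytes
PUBLISHED_SHA256 = digest_bytes(SAMPLE_PATCH)                    # stands in for the vendor's value


def tamper_demo():
    """Return (genuine_ok, tampered_ok): one flipped bit fails verification."""
    tampered = bytes([SAMPLE_PATCH[0] ^ 0x01]) + SAMPLE_PATCH[1:]
    return verify_digest(SAMPLE_PATCH, PUBLISHED_SHA256), verify_digest(tampered, PUBLISHED_SHA256)


if __name__ == "__main__":
    print("md5 of 1 byte:", digest_bytes(b"a", "md5"))
    print("md5 of 1 MiB :", digest_bytes(b"a" * (1 << 20), "md5"))
    print(tamper_demo())
```

Two caveats a practitioner would add: MD5 output is always 128 bits, but the algorithm is collision-broken, so a published MD5 only protects against accidental corruption, not a deliberate substitution by someone who can also edit the download page; and a digest served from the same site as the file verifies only integrity, not authenticity, which needs a detached signature (GPG, Authenticode) or a digest obtained out of band.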
A company has a data classification system with definitions for “Private” and “Public”. The company’s security policy outlines how data should be protected based on type. The company recently added the data type “Proprietary”.
Which of the following is the MOST likely reason the company added this data type?
A. Reduced cost
B. More searchable data
C. Better data classification
D. Expanded authority of the privacy officer
C. Better data classification
Which of the following occurs when the security of a web application relies on JavaScript for input validation?
A. The integrity of the data is at risk.
B. The security of the application relies on antivirus.
C. A host-based firewall is required.
D. The application is vulnerable to race conditions.
A. The integrity of the data is at risk.
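The point behind this question is that JavaScript runs on a machine the attacker controls; anyone submitting the form with curl or an intercepting proxy never executes it. As an added example that is not from the original flashcards, the server-side validator below re-checks the same fields the browser script would have checked; the field names, limits and the tampered request are constructed for the example.

```python
"""Server-side re-validation of form fields that client-side JS 'already checked'.

Field names, limits and sample requests are CONSTRUCTED for this example.
"""
from decimal import Decimal, InvalidOperation


def validate_order(form):
    """Return (ok, errors) for an order form, independent of any browser logic."""
    errors = []

    qty = form.get("quantity", "")
    if not qty.isdigit() or not 1 <= int(qty) <= 100:
        errors.append("quantity must be an integer between 1 and 100")

    try:
        price = Decimal(form.get("unit_price", ""))
        if not price.is_finite() or price <= 0:
            errors.append("unit_price must be a positive number")
    except InvalidOperation:
        errors.append("unit_price must be a number")

    sku = form.get("sku", "")
    if not (sku.isalnum() and 3 <= len(sku) <= 12):
        errors.append("sku must be 3-12 alphanumeric characters")

    return (not errors, errors)


# What a browser running the page's JavaScript would have blocked, but which
# an attacker posts directly to the endpoint.
TAMPERED = {"quantity": "-5", "unit_price": "0.01", "sku": "A1'; DROP TABLE orders--"}
LEGITIMATE = {"quantity": "2", "unit_price": "9.99", "sku": "WIDGET42"}


if __name__ == "__main__":
    for name, form in (("legitimate", LEGITIMATE), ("tampered", TAMPERED)):
        ok, errors = validate_order(form)
        print(name, "accepted" if ok else "rejected", errors)
```

Client-side validation is still worth keeping for usability; it just contributes nothing to security, so every rule it enforces has to exist on the server as well.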
Given this output, which of the following can be concluded? (Select two.)
A. The source IP of the attack is coming from 250.19.18.22.
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.
D. The attacker sent a malformed TCP packet, triggering the alert.
E. The TTL value is outside of the expected range, triggering the alert.
B. The source IP of the attack is coming from 250.19.18.71.
C. The attacker sent a malformed IGAP packet, triggering the alert.
A company is currently using the following configuration:
✑ IAS server with certificate-based EAP-PEAP and MSCHAP
✑ Unencrypted authentication via PAP
A security administrator needs to configure a new wireless setup with the following configurations:
✑ PAP authentication method
✑ PEAP and EAP provide two-factor authentication
Which of the following forms of authentication are being used? (Select two.)
A. PAP
B. PEAP
C. MSCHAP
D. PEAP- MSCHAP
E. EAP
F. EAP-PEAP
PEAP is often implemented with Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2). That’s from Gibson’s book.
A. PAP
C. MSCHAP
A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities across multiple assets within an organization is performing a:
A. Credentialed scan.
B. Non-intrusive scan.
C. Privilege escalation test.
D. Passive scan.
A. Credentialed scan.