Topic 2 Flashcards

1
Q

A portable data storage device has been determined to have malicious firmware.
Which of the following is the BEST course of action to ensure data confidentiality?

Format the device
Re-image the device
Perform virus scan in the device
Physically destroy the device

A

Perform virus scan in the device

2
Q

Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?

Cross-site scripting
DNS poisoning
Typo squatting
URL hijacking

A

Typo Squatting

3
Q

An organization is comparing and contrasting migration from its standard desktop configuration to the newest
version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

Dynamic analysis
Change management
Baselining
Waterfalling

A

Change Management

4
Q

An information security analyst needs to work with an employee who can answer questions about how data for a specific system is used in the business. The analyst should seek out an employee who has the role of:

steward
owner
privacy officer
systems administrator

A

Owner

5
Q

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws; however, vulnerability scanning results show fundamental issues at the very end of the project cycle.
Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?

Architecture review
Risk assessment
Protocol analysis
Code review

A

Code Review

6
Q

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.

In order to implement a true separation of duties approach the bank could:

Require the use of two different passwords held by two different individuals to open an account
Administer account creation on a role based access control approach
Require all new accounts to be handled by someone else other than a teller since they have different
duties
Administer account creation on a rule based access control approach

A

Require all new accounts to be handled by someone else other than a teller since they have different duties.

7
Q

Which of the following must be intact for evidence to be admissible in court?

Chain of custody
Order of volatility
Legal hold
Preservation

A

Chain of Custody

8
Q

A systems administrator has finished configuring a firewall ACL to allow access to a new web server.
The security administrator confirms from the following packet capture that there is network traffic from the internet to the web server:
The company’s internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Misconfigured firewall
Clear text credentials
Implicit deny
Default configuration

A

Clear text credentials

9
Q

An audit takes place after company-wide restructuring, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?

Implement separation of duties for the payroll department.
Implement a DLP solution on the payroll and human resources servers.
Implement rule-based access controls on the human resources server.
Implement regular permission auditing and reviews.

A

Implement separation of duties for the payroll department.

10
Q

Which of the following cryptographic algorithms is irreversible?

RC4
SHA-256
DES
AES

A

SHA-256

11
Q

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

The hacker used a race condition.
The hacker used a pass-the-hash attack.
The hacker exploited improper key management.
The hacker exploited weak switch configuration.

A

The hacker exploited weak switch configuration

12
Q

A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate?

It can protect multiple domains
It provides extended site validation
It does not require a trusted certificate authority
It protects unlimited subdomains

A

It provides extended site validation

13
Q

A company was recently audited by a third party. The audit revealed the company’s network devices were
transferring files in the clear. Which of the following protocols should the company use to transfer files?

HTTPS
LDAPS
SCP
SNMPv3

A

SCP

14
Q

An organization’s primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The
node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?

SPoF
RTO
MTBF
MTTR

A

SPoF (Single Point of Failure)

15
Q

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential
information after working hours when no one else is around. Which of the following actions can help to
prevent this specific threat?

Implement time-of-day restrictions.
Audit file access times.
Secretly install a hidden surveillance camera.
Require swipe-card access to enter the lab.

A

Require swipe-card access to enter the lab

16
Q

An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.

Which of the following is being described?

Zero-day exploit
Remote code execution
Session hijacking
Command injection

A

Zero-day exploit

17
Q

A technician is configuring a wireless guest network. After applying the most recent changes the technician
finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network.

Which of the following security measures did the technician MOST likely implement to cause this scenario?

Deactivation of SSID broadcast
Reduction of WAP signal output power
Activation of 802.1X with RADIUS
Implementation of MAC filtering
Beacon interval was decreased

A

Deactivation of SSID broadcast

18
Q

Technicians working with servers hosted at the company’s datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures.

Which of the following should be implemented to correct this issue?

Decrease the room temperature
Increase humidity in the room
Utilize better hot/cold aisle configurations
Implement EMI shielding

A

Increase humidity in the room

19
Q

A development team has adopted a new approach to projects in which feedback is iterative and multiple
iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?

Waterfall
Agile
Rapid
Extreme

A

Agile

20
Q

Audit logs from a small company’s vulnerability scanning software show the following findings:

Destinations scanned:

  • Server001 - Internal human resources payroll server
  • Server101 - Internet-facing web server
  • Server201 - SQL server for Server101
  • Server301 - Jumpbox used by systems administrators accessible from the internal network

Validated vulnerabilities found:

  • Server001 - Vulnerable to buffer overflow exploit that may allow attackers to install software
  • Server101 - Vulnerable to buffer overflow exploit that may allow attackers to install software
  • Server201 - OS updates not fully current
  • Server301 - Accessible from internal network without the use of jumpbox
  • Server301 - Vulnerable to highly publicized exploit that can elevate user privileges

Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

Server001
Server101
Server201
Server301

A

Server101

21
Q

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)

Geofencing
Remote wipe
Near-field communication
Push notification services
Containerization

A

Geofencing

Containerization

22
Q

A security analyst notices anomalous activity coming from several workstations in the organization. Upon identifying and containing the issue, which of the following should the security analyst do NEXT?

Document and lock the workstations in a secure area to establish chain of custody

Notify the IT department that the workstations are to be reimaged and the data restored for reuse

Notify the IT department that the workstations may be reconnected to the network for the users to
continue working

Document findings and processes in the after-action and lessons learned report

A

Document findings and processes in the after-action and lessons learned report

23
Q

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which
is expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?

192.168.0.16 255.255.255.248
192.168.0.16/28
192.168.1.50 255.255.255.240
192.168.2.32/27

A

192.168.0.16/28

24
Q

A security administrator returning from a short vacation receives an account lock-out message when attempting to log into the computer. After getting the account unlocked, the security administrator immediately notices a large number of email alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that had previously logged into that machine.

Which of the following can be implemented to reduce the likelihood of this attack going undetected?

Password complexity rules
Continuous monitoring
User access reviews
Account lockout policies

A

Continuous monitoring

25
Q

A group of non-profit agencies wants to implement a cloud service to share resources with each other and
minimize costs. Which of the following cloud deployment models BEST describes this type of effort?

Public
Hybrid
Community
Private

A

Community

26
Q

Joe, a security administrator, needs to extend the organization’s remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use?

RADIUS
TACACS+
Diameter
Kerberos

A

TACACS+

27
Q

An administrator has concerns regarding the traveling sales team who works primarily from smart phones.
Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?

Enable screensaver locks when the phones are not in use to prevent unauthorized access

Configure the smart phones so that the stored data can be destroyed from a centralized location

Configure the smart phones so that all data is saved to removable media and kept separate from the
device

Enable GPS tracking on all smart phones so that they can be quickly located and recovered

A

Configure the smart phones so that the stored data can be destroyed from a centralized location.

28
Q

A company is developing a new system that will unlock a computer automatically when an authorized user sits
in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?

Facial recognition
Fingerprint scanner
Motion detector
Smart cards

A

Facial recognition

29
Q

After a merger between two companies a security analyst has been asked to ensure that the organization’s systems are secured against infiltration by any former employees that were terminated during the transition.

Which of the following actions are MOST appropriate to harden applications against infiltration by former
employees? (Select TWO)

Monitor VPN client access
Reduce failed login out settings
Develop and implement updated access control policies
Review and address invalid login attempts
Increase password complexity requirements
Assess and eliminate inactive accounts

A

Develop and implement updated access control policies

Assess and eliminate inactive accounts

30
Q

A Chief Financial Officer (CFO) has asked the Chief Information Security Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization’s security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select THREE)

Password complexity policies
Hardware tokens
Biometric systems
Role-based permissions
One time passwords
Separation of duties
Multifactor authentication
Single sign-on
Least privilege

A

Role-based permissions
Separation of duties
Least privilege

31
Q

A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again?

Implement a DLP solution and classify the report as confidential, restricting access only to human
resources staff

Restrict access to the share where the report resides to only human resources employees and enable
auditing

Have all members of the IT department review and sign the AUP and disciplinary policies

Place the human resources computers on a restricted VLAN and configure the ACL to prevent access
from the IT department

A

Restrict access to the share where the report resides to only human resources employees and enable auditing.

32
Q

Which of the following types of attacks precedes the installation of a rootkit on a server?

Pharming
DDoS
Privilege escalation
DoS

A

Privilege escalation

33
Q

A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following
methods would have MOST likely prevented the data from being exposed?

Removing the hard drive from its enclosure
Using software to repeatedly rewrite over the disk space
Using Blowfish encryption on the hard drives
Using magnetic fields to erase the data

A

Using magnetic fields to erase the data

34
Q

A financial analyst is expecting an email containing sensitive information from a client. When the email
arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is
the MOST likely cause of the issue?

The S/MIME plug-in is not enabled
The SSL certificate has expired
Secure IMAP was not implemented
POP3S is not supported

A

Secure IMAP was not implemented

35
Q

An organization uses SSO authentication for employee access to network resources. When an employee
resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?

Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server.

Deny the former employee’s request, since the password reset request came from an external email
address.

Deny the former employee’s request, as a password reset would give the employee access to all network
resources.

Approve the former employee’s request, as there would not be a security issue with the former employee
gaining access to network resources.

A

Deny the former employee’s request, as a password reset would give the employee access to all network resources.

36
Q

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The
agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement?

ISA
NDA
MOU
SLA

A

NDA

37
Q

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users.

Which of the following could best prevent this from occurring again?

Credential management
Group policy management
Acceptable use policy
Account expiration policy

A

Group policy management

38
Q

Which of the following should identify critical systems and components?

MOU
BPA
ITCP
BCP

A

BCP (business continuity plan)

39
Q

A manager suspects that an IT employee with elevated database access may be knowingly modifying financial
transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?

Separation of duties
Mandatory vacations
Background checks
Security awareness training

A

Separation of duties

40
Q

A user of the wireless network is unable to gain access to the network. The symptoms are:

1.) Unable to connect to both internal and Internet resources
2.) The wireless icon shows connectivity but has no network access
The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to
authenticate.

Which of the following is the MOST likely cause of the connectivity issues?

The wireless signal is not strong enough
A remote DDoS attack against the RADIUS server is taking place
The user’s laptop only supports WPA and WEP
The DHCP scope is full
The dynamic encryption key did not update while the user was offline

A

The wireless signal is not strong enough

41
Q

A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user.

Which of the following mobile device capabilities should the user disable to achieve the stated goal?

Device access control
Location based services
Application control
GEO-Tagging

A

GEO-tagging

42
Q

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable.

Which of the following MUST be implemented to support this requirement?

CSR
OCSP
CRL
SSH

A

CRL (Certificate Revocation List)

43
Q

While reviewing the monthly internet usage, it is noted that there is a large spike in traffic classified as “unknown” that does not appear to be within the bounds of the organization’s Acceptable Use Policy.

Which of the following tools or technologies would work BEST for obtaining more information on this traffic?

Firewall logs
IDS logs
Increased spam filtering
Protocol analyzer

A

IDS logs

44
Q

A technician suspects that a system has been compromised. The technician reviews the following log entry:

WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll
WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll

Based solely on the above information, which of the following types of malware is MOST likely installed on the system?

Rootkit
Ransomware
Trojan
Backdoor

A

Rootkit

45
Q

As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the
source code, integration tests, and network diagrams.

Which of the following BEST describes the assessment being performed?

Black box
Regression
White box
Fuzzing

A

White box

46
Q

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of:

Passive reconnaissance
Persistence
Escalation of privileges
Exploiting the switch

A

Exploiting the switch

47
Q

The security administrator receives an email on a non-company account from a coworker stating that some
reports are not exporting correctly. Attached to the email was an example report file with several customers’ names and credit card numbers with the PIN.

Which of the following is the BEST technical control that will help mitigate this risk of disclosing sensitive data?

Configure the mail server to require TLS connections for every email to ensure all transport data is
encrypted

Create a user training program to identify the correct use of email and perform regular audits to ensure
compliance

Implement a DLP solution on the email gateway to scan email and remove sensitive data or files

Classify all data according to its sensitivity and inform the users of data that is prohibited to share

A

Implement a DLP solution on the email gateway to scan email and remove sensitive data or files

48
Q

Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

AES
3DES
RSA
MD5

A

MD5

49
Q

A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently noted that several machines with confidential customer information displayed on the screens are left unattended during the course of the day.

Which of the following could the security administrator implement to reduce the risk associated with the
finding?

Implement a clean desk policy
Security training to prevent shoulder surfing
Enable group policy based screensaver timeouts
Install privacy screens on monitors

A

Enable group policy based screensaver timeouts

50
Q

A company’s AUP requires:

Passwords must meet complexity requirements.
Passwords are changed at least once every six months.
Passwords must be at least eight characters long.
An auditor is reviewing the following report:

Which of the following controls should the auditor recommend to enforce the AUP?

Account lockout thresholds
Account recovery
Password expiration
Prohibit password reuse

A

Password Expiration

51
Q

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?

Pre-shared key
Enterprise
Wi-Fi Protected setup
Captive portal

A

Captive portal

52
Q

Which of the following works by implanting software on systems but delays execution until a specific set of
conditions is met?

Logic bomb
Trojan
Scareware
Ransomware

A

Logic bomb

53
Q

A security analyst receives an alert from a WAF with the following payload:
var data= “” ++ ”

Which of the following types of attacks is this?

Cross-site request forgery
Buffer overflow
SQL injection
JavaScript data insertion
Firewall evasion script

A

Firewall evasion script

54
Q

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?

Use a camera for facial recognition
Have users sign their name naturally
Require a palm geometry scan
Implement iris recognition

A

Have users sign their name naturally

55
Q

A security analyst has received the following alert snippet from the HIDS appliance:

Given the above logs, which of the following is the cause of the attack?

The TCP ports on destination are all open
FIN, URG, and PSH flags are set in the packet header
TCP MSS is configured improperly
There is improper Layer 2 segmentation

A

FIN, URG, and PSH flags are set in the packet header

56
Q

A user is presented with the following items during the new-hire onboarding process:

-Laptop
-Secure USB drive
-Hardware OTP token
-External high-capacity HDD
-Password complexity policy
-Acceptable use policy
-HASP key
-Cable lock
Which of the following is one component of multifactor authentication?

Secure USB drive
Cable lock
Hardware OTP token
HASP key

A

Hardware OTP token

57
Q

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a
LAN on comptia.org from example.org. Which of the following commands should the security analyst use?
(Select two.)

Option A
Option B
Option C
Option D
Option E
Option F

A

Option A and C

58
Q

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction
printers, as well as the impact on functionality at the same time?

Isolating the systems using VLANs
Installing a software-based IPS on all devices
Enabling full disk encryption
Implementing a unique user PIN access functions

A

Isolating the systems using VLANs

59
Q

A security analyst wants to harden the company’s VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would best prevent this from occurring?

Implement SRTP between the phones and the PBX.
Place the phones and PBX in their own VLAN.
Restrict the phone connections to the PBX.
Require SIPS on connections to the PBX.

A

Require SIPS on connections to the PBX

60
Q

Which of the following AES modes of operation provide authentication? (Select two.)

CCM
CBC
GCM
DSA
CFB

A

CCM

GCM

61
Q

See PDF for simulation

A

See PDF

62
Q

A new firewall has been placed into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

The firewall should be configured to prevent user traffic from matching the implicit deny rule.
The firewall should be configured with access lists to allow inbound and outbound traffic.
The firewall should be configured with port security to allow traffic.
The firewall should be configured to include an explicit deny rule.

A

The firewall should be configured to prevent user traffic from matching the implicit deny rule.

63
Q

To reduce disk consumption, an organization’s legal department has recently approved a new policy setting
the data retention period for sent email at six months. Which of the following is the BEST way to ensure this
goal is met?

Create a daily encrypted backup of the relevant emails.
Configure the email server to delete the relevant emails.
Migrate the relevant emails into an “Archived” folder.
Implement automatic disk compression on email servers

A

Create a daily encrypted backup of the relevant emails.

64
Q

An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a
report of security credentials for all users.

Which of the following types of attack is MOST likely occurring?

Policy violation
Social engineering
Whaling
Spear phishing

A

Spear phishing

65
Q

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistics:
-Initial IR engagement time frame
-Length of time before an executive management notice went out
-Average IR phase completion

The director wants to use the data to shorten the response time. Which of the following would accomplish this?

CSIRT
Containment phase
Escalation notifications
Tabletop exercise

A

Tabletop exercise

66
Q

Which of the following differentiates a collision attack from a rainbow table attack?

A rainbow table attack performs a hash lookup
A rainbow table attack uses the hash as a password
In a collision attack, the hash and the input data are equivalent
In a collision attack, the same input results in different hashes

A

A rainbow table attack performs a hash lookup

67
Q

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks?

SQL injection
Header manipulation
Cross-site scripting
Flash cookie exploitation

A

Cross-site scripting

68
Q

An administrator is configuring access to information located on a network file server named “Bowman”. The
files are located in a folder named “BalkFiles”. The files are only for use by the “Matthews” division and
should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files.

The administrator configures the file share according to the following table:

Which of the following rows has been misconfigured?

Row 1
Row 2
Row 3
Row 4
Row 5

A

Row 4

69
Q

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the
following should the security analyst use to prevent this vulnerability?

Application fuzzing
Error handling
Input validation
Pointer dereference

A

Input validation

70
Q

A security engineer is faced with competing requirements from the networking group and database
administrators. The database administrators would like ten application servers on the same subnet for ease of
administration, whereas the networking group would like to segment all applications from one another.
Which of the following should the security administrator do to rectify this issue?

Recommend performing a security assessment on each application, and only segment the applications
with the most vulnerability

Recommend classifying each application into like security groups and segmenting the groups from one
another

Recommend segmenting each application, as it is the most secure approach

Recommend that only applications with minimal security features should be segmented to protect them

A

Recommend classifying each application into like security groups and segmenting the groups from one another.

71
Q

A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities across
multiple assets within an organization is performing a:

Credentialed scan.
Non-intrusive scan.
Privilege escalation test.
Passive scan.

A

Credentialed scan

72
Q

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker
initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following
statements BEST indicates that the vulnerability scan meets these requirements?

The vulnerability scanner is performing an authenticated scan.

The vulnerability scanner is performing local file integrity checks.

The vulnerability scanner is performing in network sniffer mode.

The vulnerability scanner is performing banner grabbing.

A

The vulnerability scanner is performing in network sniffer mode.

73
Q

Although a web-enabled application appears to only allow letters in the comment field of a web form, a
malicious user was able to carry out a SQL injection attack by sending special characters through the web
comment field.

Which of the following has the application programmer failed to implement?

Revision control system
Client side exception handling
Server side validation
Server hardening

A

Server side validation

74
Q

A systems administrator is reviewing the following information from a compromised server:

Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?

Apache
LSASS
MySQL
TFTP

A

Apache

75
Q

Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST
dangerous against?

Passwords written on the bottom of a keyboard
Unpatched exploitable Internet-facing services
Unencrypted backup tapes
Misplaced hardware token

A

Unpatched exploitable Internet-facing services

76
Q

A network administrator wants to ensure that users do not connect any unauthorized devices to the company
network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?

Enforce authentication for network devices
Configure the phones on one VLAN, and computers on another
Enable and configure port channels
Make users sign an Acceptable Use Agreement

A

Enforce authentication for network devices

77
Q

A security analyst is investigating a suspected security breach and discovers the following in the logs of the
potentially compromised server:

Which of the following would be the BEST method for preventing this type of suspected attack in the future?

Implement password expirations
Implement restrictions on shared credentials
Implement account lockout settings
Implement time-of-day restrictions on this server

A

Implement account lockout settings

78
Q

An application developer is designing an application involving secure transports from one service to another
that will pass over port 80 for a request.
Which of the following secure protocols is the developer MOST likely to use?

FTPS
SFTP
SSL
LDAPS
SSH

A

SSL

79
Q

A penetration tester finds that a company’s login credentials for the email client were being sent in clear text.
Which of the following should be done to provide encrypted logins to the email server?

Enable IPSec and configure SMTP.
Enable SSH and LDAP credentials.
Enable MIME services and POP3.
Enable an SSL certificate for IMAP services.

A

Enable an SSL certificate for IMAP services

80
Q

A technician has installed new vulnerability scanner software on a server that is joined to the company
domain. The vulnerability scanner is able to provide visibility over the patch posture of all of the company's clients.
Which of the following is being used?

Gray box vulnerability testing
Passive scan
Credentialed scan
Bypassing security controls

A

Gray box vulnerability testing

81
Q

A security analyst reviews the following output:
The analyst loads the hash into the SIEM to discover if this hash is seen in other parts of the network. After
inspecting a large number of files, the security analyst reports the following:

Which of the following is the MOST likely cause of the hash being found in other areas?

Jan Smith is an insider threat
There are MD5 hash collisions
The file is encrypted
Shadow copies are present

A

There are MD5 hash collisions

82
Q

A security administrator is configuring a new network segment, which contains devices that will be accessed
by external users, such as web and FTP servers. Which of the following represents the MOST secure way to
configure the new network segment?

The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow
external traffic.

The segment should be placed in the existing internal VLAN to allow internal traffic only.

The segment should be placed on an intranet, and the firewall rules should be configured to allow
external traffic.

The segment should be placed on an extranet, and the firewall rules should be configured to allow both
internal and external traffic.

A

The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.

83
Q

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?

The certificate was self signed, and the CA was not imported by employees or customers

The root CA has revoked the certificate of the intermediate CA

The valid period for the certificate has passed, and a new certificate has not been issued

The key escrow server has blocked the certificate from being validated

A

The valid period for the certificate has passed, and a new certificate has not been issued.

84
Q

After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the
NEXT step the analyst should take?

Recovery
Identification
Preparation
Documentation
Escalation

A

Identification

85
Q

A security engineer is configuring a wireless network that must support mutual authentication of the wireless
client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords.

Which of the following authentication protocols MUST the security engineer select?

EAP-FAST
EAP-TLS
PEAP
EAP

A

PEAP

86
Q

A security administrator has been assigned to review the security posture of the standard corporate system
image for virtual machines. The security administrator conducts a thorough review of the system logs,
installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production.

Which of the following would correct the deficiencies?

Mandatory access controls
Disable remote login
Host hardening
Disabling services

A

Host hardening

87
Q

Which of the following would meet the requirements for multifactor authentication?

Username, PIN, and employee ID number
Fingerprint and password
Smart card and hardware token
Voice recognition and retina scan

A

Fingerprint and password

88
Q

Company policy requires the use of passphrases instead of passwords.
Which of the following technical controls MUST be in place in order to promote the use of passphrases?

Reuse
Length
History
Complexity

A

Complexity

89
Q

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor.
Which of the following BEST describes the reason why the vulnerability exists?

Default configuration
End-of-life system
Weak cipher suite
Zero-day threats

A

End-of-life system

90
Q

The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective?

Authentication
HVAC
Full-disk encryption
File integrity checking

A

HVAC

91
Q

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

To prevent server availability issues
To verify the appropriate patch is being installed
To generate a new baseline hash after patching
To allow users to test functionality
To ensure users are trained on new functionality

A

To prevent server availability issues

To allow users to test functionality

92
Q

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have caused many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network.

Which of the following should be implemented in order to meet the security policy requirements?

Virtual desktop infrastructure (VDI)
WS-Security and geo-fencing
A hardware security module (HSM)
RFID tagging system
MDM software
Security Requirements Traceability Matrix (SRTM)

A

MDM software

93
Q

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the
entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in jurisdictions with varying data retention and privacy laws.
Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are
digitally signed to minimize fraud, implement encryption for data in-transit between data centers

Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement
encryption for data in-transit between data centers, increase data availability by replicating all data,
transaction data, logs between each corporate location

Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the
transfer from one country to another, implement end-to-end encryption between mobile applications and
the cloud.

A

Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users,
and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal
jurisdiction to another with more stringent regulations

94
Q

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data.
Before powering the system off, Joe knows that he must collect the most volatile data first. Which of the
following is the correct order in which Joe should collect the data?

CPU cache, paging/swap files, RAM, remote logging data
RAM, CPU cache, remote logging data, paging/swap files
Paging/swap files, CPU cache, RAM, remote logging data
CPU cache, RAM, paging/swap files, remote logging data

A

CPU cache, RAM, paging/swap files, remote logging data

95
Q

Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping?

Encrypt it with Joe’s private key
Encrypt it with Joe’s public key
Encrypt it with Ann’s private key
Encrypt it with Ann’s public key

A

Encrypt it with Ann’s public key

96
Q

An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future?

Use a honeypot
Disable unnecessary services
Implement transport layer security
Increase application event logging

A

Disable unnecessary services

97
Q

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential
monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

ALE
AV
ARO
EF
ROI

A

AV

EF

98
Q

Which of the following are methods to implement HA in a web application server environment? (Select two.)

Load balancers
Application layer firewalls
Reverse proxies
VPN concentrators
Routers

A

Load balancers

Application layer firewalls

99
Q

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway.
Which of the following tools should the administrator use to detect this attack? (Select two.)

Ping
Ipconfig
Tracert
Netstat
Dig
Nslookup

A

Ipconfig

Tracert

100
Q

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should react to this incident?

The finding is a false positive and can be disregarded
The Struts module needs to be hardened on the server
The Apache software on the server needs to be patched and updated
The server has been compromised by malware and needs to be quarantined.

A

The finding is a false positive and can be disregarded

101
Q

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement?

NAC
Web proxy
DLP
ACL

A

DLP