Topic 3 Flashcards

1
Q

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

Fail-safe
Fault tolerance
Fail secure
Redundancy

A

Fail-safe

2
Q

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database.
Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

Incident management
Routine auditing
IT governance
Monthly user rights reviews

A

Monthly user rights reviews

3
Q

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

Replace FTP with SFTP and replace HTTP with TLS
Replace FTP with FTPS and replace HTTP with TFTP
Replace FTP with SFTP and replace HTTP with Telnet
Replace FTP with FTPS and replace HTTP with IPSec

A

Replace FTP with SFTP and replace HTTP with TLS

4
Q

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

Time-of-day restrictions
User access reviews
Group-based privileges
Change management policies

A

User access reviews

5
Q

A company wants to host a publicly available server that performs the following functions:
Evaluates MX record lookup
Can perform authenticated requests for A and AAAA records
Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

DNSSEC
SFTP
nslookup
dig
LDAPS

A

DNSSEC

6
Q

An organization is moving its human resources system to a cloud services provider.
The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?

Two-factor authentication
Account and password synchronization
Smartcards with PINS
Federated authentication

A

Federated authentication

7
Q

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

SCP
TFTP
SNMP
FTP
SMTP
FTPS

A

SCP

FTPS

8
Q

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive, so the hashing algorithm must be fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

MD5
SHA
RIPEMD
AES

A

SHA

9
Q

An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company’s list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?

Tailgating
Shoulder surfing
Impersonation
Hoax

A

Impersonation

10
Q

Which of the following is commonly used for federated identity management across multiple organizations?

SAML
Active Directory
Kerberos
LDAP

A

SAML

11
Q

An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?

A virus on the administrator’s desktop would be able to sniff the administrator’s username and password.

Result in an attacker being able to phish the employee’s username and password.

A social engineering attack could occur, resulting in the employee’s password being extracted.

A man in the middle attack could occur, resulting in the employee’s username and password being captured.

A

A man in the middle attack could occur, resulting in the employee’s username and password being captured.

12
Q

See PDF

A

Database server 10.10.10.12

13
Q

A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?

Transport Encryption
Stream Encryption
Digital Signature
Steganography

A

Steganography

14
Q

Drag and drop the correct protocol to its default port.

FTP
Telnet
SMTP
SNMP
SCP
TFTP

A

FTP: 21
Telnet: 23
SMTP: 25
SNMP: 161
SCP: 22
TFTP: 69

15
Q

A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS?

Signature based
Heuristic
Anomaly-based
Behavior-based

A

Signature based

16
Q

The SSID broadcast for a wireless router has been disabled, but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID broadcast has been disabled.

Which of the following would further obscure the presence of the wireless network?

Upgrade the encryption to WPA or WPA2
Create a non-zero length SSID for the wireless router
Reroute wireless users to a honeypot
Disable responses to a broadcast probe request

A

Disable responses to a broadcast probe request

17
Q

Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally takes an image of the hard drive.

Which of the following procedures did Joe follow?

Order of volatility
Chain of custody
Recovery procedure
Incident isolation

A

Order of volatility

18
Q

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

Modify all the shared files with read only permissions for the intern.
Create a new group that has only read permissions for the files.
Remove all permissions for the shared files.
Add the intern to the “Purchasing” group.

A

Create a new group that has only read permissions for the files.

19
Q

You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer’s (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the “something you know” category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

A

See PDF

20
Q

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

RAM
CPU cache
Swap
Hard drive

A

CPU cache
RAM
Swap
Hard drive

21
Q

A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?

MAC filtering
Virtualization
OS hardening
Application white-listing

A

OS hardening

22
Q

After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?

Time-of-day restrictions
Change management
Periodic auditing of user credentials
User rights and permission review

A

User rights and permission review

23
Q

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

Transitive access
Spoofing
Man-in-the-middle
Replay

A

Man in the middle

24
Q

After correctly configuring a new wireless enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet based control system. Joe verifies that the thermostat received the expected network parameters and is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

The company implements a captive portal
The thermostat is using the incorrect encryption algorithm
The WPA2 shared key is incorrect
The company’s DHCP server scope is full

A

The WPA2 shared key is incorrect

25
Q

An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]:
GET/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow

Which of the following attacks is being attempted?

Command injection
Password attack
Buffer overflow
Cross-site scripting

A

Password attack

26
Q

Which of the following is the LEAST secure hashing algorithm?

SHA1
RIPEMD
MD5
DES

A

MD5

27
Q

Which of the following use the SSH protocol?

Stelnet
SCP
SNMP
FTPS
SSL
SFTP

A

SCP

SSL

28
Q

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Use certificates signed by the company CA
Use a signing certificate as a wild card certificate
Use certificates signed by a public CA
Use a self-signed certificate on each internal server

A

Use a self-signed certificate on each internal server

29
Q

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?

Service level agreement
Interconnection security agreement
Non-disclosure agreement
Business process analysis

A

SLA (service level agreement)

30
Q

During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?

Reporting
Preparation
Mitigation
Lessons Learned

A

Lessons learned

31
Q

Which of the following should be used to implement voice encryption?

SSLv3
VDSL
SRTP
VoIP

A

SRTP

32
Q

Ann, a security analyst, is monitoring the IDS console and notices multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her in deciphering the network traffic?

Vulnerability Scanner
NMAP
NETSTAT
Packet Analyzer

A

NETSTAT

33
Q

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site?

Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Rule 1: deny from inside to outside source any destination any service smtp
Rule 2: deny from inside to outside source any destination any service ping
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Rule 4: deny from any to any source any destination any service any

A

Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

34
Q

Which of the following is the summary of loss for a given year?

MTBF
ALE
SLA
ARO

A

ALE (Account Level Equivalence)

35
Q

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

Key escrow
Digital signatures
PKI
Hashing

A

Digital signatures

36
Q

Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

Calculate the ALE
Calculate the ARO
Calculate the MTBF
Calculate the TCO

A

Calculate the ALE (Account level Equivalence)

37
Q

An administrator is testing the collision resistance of different hashing algorithms.
Which of the following is the strongest collision resistance test?

Find two identical messages with different hashes
Find two identical messages with the same hash
Find a common hash between two specific messages
Find a common hash between a specific message and a random message

A

Find two identical messages with different hashes

38
Q

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient.
Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?

Transitive trust
Symmetric encryption
Two-factor authentication
Digital signatures
One-time passwords

A

Digital signatures

39
Q

SEE PDF (drop down regarding: retinal scan, passwords, token, fingerprint)

A

Something you are, something you have, etc.

40
Q

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

It provides authentication services
It uses tickets to identify authenticated users
It provides single sign-on capability
It uses XML for cross-platform interoperability

A

It uses tickets to identify authenticated users

41
Q

The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace each device.
Which of the following categories BEST describes what she is looking for?

ALE
MTTR
MTBF
MTTF

A

MTTF (mean time to failure)

42
Q

Which of the following best describes the initial processing phase used in mobile device forensics?

The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device
The removable data storage cards should be processed first to prevent data alteration when examining the mobile device
The mobile device should be examined first, then removable storage, and lastly the phone without removable storage should be examined again
The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

A

The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

43
Q

An auditor has identified an access control system that can incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

Password-based
Biometric-based
Location-based
Certificate-based

A

Biometric-based

44
Q

See PDF for graph

A

See PDF

45
Q

Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?

War chalking
Bluejacking
Bluesnarfing
Rogue tethering

A

Bluejacking

46
Q

A security administrator has been asked to implement a VPN that will support remote access over IPSEC. Which of the following is an encryption algorithm that would meet this requirement?

MD5
AES
UDP
PKI

A

AES

47
Q

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

Collision resistance
Rainbow table
Key stretching
Brute force attack

A

Brute force attack

48
Q

A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools’ results. Which of the following is the best method for collecting this information?

Set up the scanning system’s firewall to permit and log all outbound connections
Use a protocol analyzer to log all pertinent network traffic
Configure network flow data logging on all scanning systems
Enable debug level logging on the scanning system and all scanning tools used.

A

Set up the scanning system’s firewall to permit and log all outbound connections

49
Q

A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

Peer review
Component testing
Penetration testing
Vulnerability testing

A

Penetration testing

50
Q

During an application design, the development team specifies an LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following?

Application control
Data in-transit
Identification
Authentication

A

Authentication

51
Q

A security analyst has been asked to perform a review of an organization’s software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer’s code. Which of the following assessment techniques is BEST described in the analyst’s report?

Architecture evaluation
Baseline reporting
Whitebox testing
Peer review

A

Peer review

52
Q

A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures?

Table top exercises
Lessons learned
Escalation procedures
Recovery procedures

A

Table top exercises

53
Q

Which of the following are MOST susceptible to birthday attacks?

Hashed passwords
Digital certificates
Encryption passwords
One time passwords

A

Hashed passwords

54
Q

The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

Remote wipe
Full device encryption
BIOS password

A

Full device encryption

55
Q

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

Integer overflow attack
Smurf attack
Replay attack
Buffer overflow attack
Cross-site scripting attack

A

Replay attack

56
Q

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements?

Bcrypt
Blowfish
PGP
SHA

A

PGP (pretty good privacy)

57
Q

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents?

Account lockout
Group Based Privileges
Least privilege
Password complexity

A

Account lockout

58
Q

A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key. Which of the following could be used?

RSA
TwoFish
Diffie-Hellman
NTLMv2
RIPEMD

A

TwoFish

59
Q

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

Install host-based firewalls on all computers that have an email client installed
Set the email program default to open messages in plain text
Install end-point protection on all computers that access web email
Create new email spam filters to delete all messages from that sender

A

Install end-point protection on all computers that access web email.

60
Q

Joe a website administrator believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of inside threat?

Digital signatures
File integrity monitoring
Access controls
Change management
Stateful inspection firewall

A

File integrity monitoring

61
Q

A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase?

RIPEMD
ECDHE
Diffie-Hellman
HTTPS

A

Diffie-Hellman

62
Q

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

Recovery agent
OCSP
CRL
Key escrow

A

OCSP

63
Q

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

MOU
ISA
BPA
SLA

A

SLA

64
Q

Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work?

Taking pictures of proprietary information and equipment in restricted areas.
Installing soft token software to connect to the company’s wireless network.
Company cannot automate patch management on personally-owned devices.
Increases the attack surface by having more target devices on the company’s campus

A

Taking pictures of proprietary information and equipment in restricted areas.

65
Q

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?

Implement deduplication at the network level between the two locations
Implement deduplication on the storage array to reduce the amount of drive space needed
Implement deduplication on the server storage to reduce the data backed up
Implement deduplication on both the local and remote servers

A

Implement deduplication on the storage array to reduce the amount of drive space needed

66
Q

A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement?

Dual factor authentication
Transitive authentication
Single factor authentication
Biometric authentication

A

Transitive authentication

67
Q

Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation?

An ephemeral key was used for one of the messages
A stream cipher was used for the initial email; a block cipher was used for the reply
Out-of-band key exchange has taken place
Asymmetric encryption is being used

A

Asymmetric encryption is being used

68
Q

A technician must configure a firewall to block external DNS traffic from entering a network. Which of the following ports should they block on the firewall?

53
110
143
443

A

53

69
Q

A system administrator needs to implement 802.1x whereby when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used?

RADIUS
Kerberos
LDAP
MSCHAP

A

RADIUS

70
Q

Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications?

Spear phishing
Man-in-the-middle
URL hijacking
Transitive access

A

Man in the middle

71
Q

See PDF

A

PDF

72
Q

A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:

Performance and service delivery metrics
Backups are being performed and tested
Data ownership is being maintained and audited
Risk awareness is being adhered to and enforced

A

Performance and service delivery metrics

73
Q

Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful?

Authority
Spamming
Social proof
Scarcity

A

Authority

74
Q

A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

Change management procedures
Job rotation policies
Incident response management
Least privilege access controls

A

Change management procedures

75
Q

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

Escrowed keys
SSL symmetric encryption key
Software code private key
Remote server public key
OCSP

A

Software code private key

and OCSP

76
Q

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any equipment being damaged in the test.

Which of the following has the administrator been tasked to perform?

Risk transference
Penetration test
Threat assessment
Vulnerability assessment

A

Vulnerability assessment

77
Q

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer’s proposal?

The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.

The obscurity value of unproven protocols against attacks often outweighs the potential for introducing
new vulnerabilities.

A

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

78
Q

Given the log output:

Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS:
Login Success [user: msmith] [Source: 10.0.12.45]
[localport: 23] at 00:15:23:431 CET Sun Mar 15 2015

Which of the following should the network administrator do to protect data security?

Configure port security for logons
Disable telnet and enable SSH
Configure an AAA server
Disable password and enable RSA authentication

A

Disable telnet and enable SSH

79
Q

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented?

Mandatory access control
Discretionary access control
Role based access control
Rule-based access control

A

Discretionary access control

80
Q

Having adequate lighting on the outside of a building is an example of which of the following security controls?

Deterrent
Compensating
Detective
Preventative

A

Deterrent

81
Q

Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a (n):

armored virus
logic bomb
polymorphic virus
Trojan

A

Polymorphic virus

82
Q

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

Protocol analyzer
Vulnerability scan
Penetration test
Port scanner

A

Vulnerability scan

83
Q

Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks?

Vishing
Impersonation
Spim
Scareware

A

Vishing

84
Q

A Security Officer on a military base needs to encrypt several smart phones that will be going into the field.
Which of the following encryption solutions should be deployed in this situation?

Elliptic curve
One-time pad
3DES
AES-256

A

AES-256

85
Q

The Chief Security Officer (CSO) has reported a rise in data loss, but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?

Implement protected distribution
Empty additional firewalls
Conduct security awareness training
Install perimeter barricades

A

Conduct security awareness training

86
Q

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

MAC spoofing
Pharming
Xmas attack
ARP poisoning

A

MAC spoofing

87
Q

A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks.

Which of the following is the reason the manager installed the racks this way?

To lower energy consumption by sharing power outlets
To create environmental hot and cold aisles
To eliminate the potential for electromagnetic interference
To maximize fire suppression capabilities

A

To create environmental hot and cold aisles

88
Q

A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

Utilizing a single question for password recovery
Sending a PIN to a smartphone through text message
Utilizing CAPTCHA to avoid brute force attacks
Use a different e-mail address to recover password

A

Sending a PIN to a smartphone through text message

89
Q

Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?

Cloud computing
Virtualization
Redundancy
Application control

A

Virtualization

90
Q

See PDF

A

See PDF

91
Q

A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes.

Which of the following risk management strategies BEST describes management’s response?

Deterrence
Mitigation
Avoidance
Acceptance

A

Avoidance

92
Q

A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued. Which of the following should the administrator submit to receive a new certificate?

CRL
OCSP
PFX
CSR
CA

A

CSR (Certificate Signing Request)

93
Q

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

HMAC
PCBC
CBC
GCM
CFB

A

HMAC (hash message authentication code)

94
Q

Which of the following can affect electrostatic discharge in a network operations center?

Fire suppression
Environmental monitoring
Proximity card access
Humidity controls

A

Humidity controls

95
Q

Joe, the security administrator, sees this in a vulnerability scan report:

“The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit.”

Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of:

a threat.
a risk.
a false negative.
a false positive.

A

A false positive

96
Q

Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

Intimidation
Scarcity
Authority
Social proof

A

Social proof

97
Q

A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot. The person is attempting which of the following types of attacks?

Jamming
War chalking
Packet sniffing
Near field communication

A

War chalking

98
Q

Joe, a technician, is working remotely with his company-provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe’s laptop directly?

Full-disk encryption
Host-based firewall
Current antivirus definitions
Latest OS updates

A

Host-based firewall

99
Q

The firewall administrator is adding a new certificate for the company’s remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain?

Certificate revocation list
Intermediate authority
Recovery agent
Root of trust

A

Intermediate authority

100
Q

An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week.

Which of the following would be the BEST method of updating this application?

Configure testing and automate patch management for the application.
Configure security control testing for the application.
Manually apply updates for the application when they are released.
Configure a sandbox for testing patches before the scheduled monthly update.

A

Configure testing and automate patch management for the application