Topic 3 Flashcards
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?
Fail-safe
Fault tolerance
Fail secure
Redundancy
Fail-safe
A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database.
Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?
Incident management
Routine auditing
IT governance
Monthly user rights reviews
Monthly user rights reviews
A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?
Replace FTP with SFTP and replace HTTP with TLS
Replace FTP with FTPS and replace HTTP with TFTP
Replace FTP with SFTP and replace HTTP with Telnet
Replace FTP with FTPS and replace HTTP with IPSec
Replace FTP with SFTP and replace HTTP with TLS
During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?
Time-of-day restrictions
User access reviews
Group-based privileges
Change management policies
User access reviews
A company wants to host a publicly available server that performs the following functions:
Evaluates MX record lookup
Can perform authenticated requests for A and AAA records
Uses RRSIG
Which of the following should the company use to fulfill the above requirements?
DNSSEC
SFTP
nslookup
dig
LDAPS
DNSSEC
An organization is moving its human resources system to a cloud services provider.
The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?
Two-factor authentication
Account and password synchronization
Smartcards with PINs
Federated authentication
Federated authentication
A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)
SCP
TFTP
SNMP
FTP
SMTP
FTPS
SCP
FTPS
In an effort to reduce data storage requirements, some company devices hash every file and eliminate duplicates. The data processing routines are time sensitive, so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?
MD5
SHA
RIPEMD
AES
SHA
An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company’s list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?
Tailgating
Shoulder surfing
Impersonation
Hoax
Impersonation
Which of the following is commonly used for federated identity management across multiple organizations?
SAML
Active Directory
Kerberos
LDAP
SAML
An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?
A virus on the administrator’s desktop would be able to sniff the administrator’s username and password.
Result in an attacker being able to phish the employee’s username and password.
A social engineering attack could occur, resulting in the employee’s password being extracted.
A man in the middle attack could occur, resulting in the employee’s username and password being captured.
A man in the middle attack could occur, resulting in the employee’s username and password being captured.
See PDF
Database server 10.10.10.12
A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?
Transport Encryption
Stream Encryption
Digital Signature
Steganography
Steganography
Drag and drop the correct protocol to its default port
FTP Telnet SMTP SNMP SCP TFTP
21 23 25 161 22 69
A security administrator needs to implement a system that detects possible intrusions based upon a vendor provided list. Which of the following BEST describes this type of IDS?
Signature based
Heuristic
Anomaly-based
Behavior-based
Signature based
The SSID broadcast for a wireless router has been disabled but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact the SSID has been disabled.
Which of the following would further obscure the presence of the wireless network?
Upgrade the encryption to WPA or WPA2
Create a non-zero length SSID for the wireless router
Reroute wireless users to a honeypot
Disable responses to a broadcast probe request
Disable responses to a broadcast probe request
Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally creates an image of the hard drive.
Which of the following procedures did Joe follow?
Order of volatility
Chain of custody
Recovery procedure
Incident isolation
Order of volatility
A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?
Modify all the shared files with read only permissions for the intern.
Create a new group that has only read permissions for the files.
Remove all permissions for the shared files.
Add the intern to the “Purchasing” group.
Create a new group that has only read permissions for the files.
You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer’s (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the “something you know” category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.
See PDF
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.
RAM
CPU cache
Swap
Hard drive
CPU cache
RAM
Swap
Hard drive
A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?
MAC filtering
Virtualization
OS hardening
Application white-listing
OS hardening
After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?
Time-of-day restrictions
Change management
Periodic auditing of user credentials
User rights and permission review
User rights and permission review
A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website.
During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?
Transitive access
Spoofing
Man-in-the-middle
Replay
Man in the middle
After correctly configuring a new wireless enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet based control system. Joe verifies that the thermostat received the expected network parameters and it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?
The company implements a captive portal
The thermostat is using the incorrect encryption algorithm
The WPA2 shared key likely is incorrect
The company’s DHCP server scope is full
The WPA2 shared key likely is incorrect
An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]:
GET/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow
Which of the following attacks is being attempted?
Command injection
Password attack
Buffer overflow
Cross-site scripting
Password attack
Which of the following is the LEAST secure hashing algorithm?
SHA1
RIPEMD
MD5
DES
MD5
Which of the following use the SSH protocol?
Stelnet
SCP
SNMP
FTPS
SSL
SFTP
SCP
SSL
The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?
Use certificates signed by the company CA
Use a signing certificate as a wild card certificate
Use certificates signed by a public CA
Use a self-signed certificate on each internal server
Use a self-signed certificate on each internal server
An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?
Service level agreement
Interconnection security agreement
Non-disclosure agreement
Business process analysis
SLA (service level agreement)
During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?
Reporting
Preparation
Mitigation
Lessons Learned
Lesson learned
Which of the following should be used to implement voice encryption?
SSLv3
VDSL
SRTP
VoIP
SRTP
Ann, a security analyst, is monitoring the IDS console and notices multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?
Vulnerability Scanner
NMAP
NETSTAT
Packet Analyzer
NETSTAT
A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site?
Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?
Rule 1: deny from inside to outside source any destination any service smtp
Rule 2: deny from inside to outside source any destination any service ping
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Rule 4: deny from any to any source any destination any service any
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Which of the following is the summary of loss for a given year?
MTBF
ALE
SLA
ARO
ALE (Account Level Equivalence)
Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?
Key escrow
Digital signatures
PKI
Hashing
Digital signatures
Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?
Calculate the ALE
Calculate the ARO
Calculate the MTBF
Calculate the TCO
Calculate the ALE (Account level Equivalence)
An administrator is testing the collision resistance of different hashing algorithms.
Which of the following is the strongest collision resistance test?
Find two identical messages with different hashes
Find two identical messages with the same hash
Find a common hash between two specific messages
Find a common hash between a specific message and a random message
Find two identical messages with different hashes
An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient.
Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?
Transitive trust
Symmetric encryption
Two-factor authentication
Digital signatures
One-time passwords
Digital signatures
SEE PDF (drop down regarding: retinal scan, passwords, token, fingerprint)
Something you are, something you have, etc.
A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?
It provides authentication services
It uses tickets to identify authenticated users
It provides single sign-on capability
It uses XML for cross-platform interoperability
It uses tickets to identify authenticated users