Topic 4 Flashcards
The help desk is receiving numerous password change alerts from users in the accounting department. These
alerts occur multiple times on the same day for each of the affected users’ accounts. Which of the following
controls should be implemented to curtail this activity?
Password Reuse
Password complexity
Password History
Password Minimum age
Password minimum age
Six months into development, the core team assigned to implement a new internal piece of software must
convene to discuss a new requirement with the stake holders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?
The system integration phase of the SDLC
The system analysis phase of SSDSLC
The system design phase of the SDLC
The system development phase of the SDLC
The system analysis phase of SSDSLC
A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the
following techniques would BEST describe the approach the analyst has taken?
Compliance scanning
Credentialed scanning
Passive vulnerability scanning
Port scanning
Port scanning
While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?
Vulnerability scanner
Offline password cracker
Packet sniffer
Banner grabbing
Packet sniffer
An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?
SaaS
CASB
IaaS
PaaS
CASB (cloud access security broker)
The POODLE attack is an MITM exploit that affects:
TLS1.0 with CBC mode cipher
SSLv2.0 with CBC mode cipher
SSLv3.0 with CBC mode cipher
SSLv3.0 with ECB mode cipher
SSLv3.0 with CBC mode cipher
Which of the following techniques can be bypass a user or computer’s web browser privacy settings? (Select Two)
SQL injection Session hijacking Cross-site scripting Locally shared objects LDAP injection
Session hijacking
Cross-site scripting
A network technician is trying to determine the source of an ongoing network based attack. Which of the
following should the technician use to view IPv4 packet data on a particular internal network segment?
Proxy
Protocol analyzer
Switch
Firewall
Protocol analyzer
To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)
ARO ROI RPO SLE RTO
ARO (Annual Rate of Occurrence)
SLE (Single-loss expectancy)
A security administrator needs an external vendor to correct an urgent issue with an organization’s physical
access control system (PACS). The PACS does not currently have internet access because it is running a
legacy operation system.
Which of the following methods should the security administrator select the best balances security and
efficiency?
Temporarily permit outbound internet access for the pacs so desktop sharing can be set up
Have the external vendor come onsite and provide access to the PACS directly
Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
Set up a web conference on the administrator’s pc; then remotely connect to the pacs
Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide user with the ability to determine what permissions should be applied to files, document, and directories. The access control method that BEST satisfies these objectives is:
Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control
Discretionary access control
The IT department needs to prevent users from installing untested applications.
Which of the following would provide the BEST solution?
Job rotation
Least privilege
Account lockout
Antivirus
Least privilege
A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their LDAP credentials. All command executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?
LDAP server 10.55.199.3
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
SYSLOG SERVER 172.16.23.50
TACAS server 192.168.1.100
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?
Header manipulation
Cookie hijacking
Cross-site scripting
Xml injection
Header manipulation
Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)
Block level encryption SAML authentication Transport encryption Multifactor authentication Predefined challenge Hashing
SAML Authentication
Multifactor authentication
Which of the following delineates why it is important to perform egress filtering and monitoring on Internet
connected security zones of interfaces on a firewall?
Egress traffic is more important than ingress traffic for malware prevention
To rebalance the amount of outbound traffic and inbound traffic
Outbound traffic could be communicating to known botnet sources
To prevent DDoS attacks originating from external network
To rebalance the amount of outbound traffic and inbound traffic
Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?
Remote exploit
Amplification
Sniffing
Man-in-the-middle
Remote exploit
An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?
Abnormally high numbers of outgoing instant messages that contain obfuscated text
Large-capacity USB drives on the tester’s desk with encrypted zip files
Outgoing emails containing unusually large image files
Unusual SFTP connections to a consumer IP address
Outgoing emails containing unusually large image files
Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate- based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following model prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?
Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation
Use of active directory federation between the company and the cloud-based service.
Which of the following can be used to control specific commands that can be executed on a network
infrastructure device?
LDAP
Kerberos
SAML
TACACS+
TACAS+
A wireless network has the following design requirements:
Authentication must not be dependent on enterprise directory service
It must allow background reconnection for mobile users
It must not depend on user certificates
Which of the following should be used in the design to meet the requirements? (Choose two.)
PEAP PSK Open systems authentication EAP-TLS Captive portals
PSK
Captive portals
A security analyst is updating a BIA document. The security analyst notices the support vendor’s time to
replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the
following can be concluded? (Select TWO)
The MTTR is faster. The MTTR is slower. The RTO has increased. The RTO has decreased. The MTTF has increased. The MTTF has decreased.
The MTTR is faster
The RTO has decreased
A new hire wants to use a personally owned phone to access company resources. The new hire expresses
concern about what happens to the data on the phone when they leave the company. Which of the following
portions of the company’s mobile device management configuration would allow the company data to be
removed from the device without touching the new hire’s data?
Asset control
Device access control
Storage lock out
Storage segmentation
Device access control
A consultant has been tasked to assess a client’s network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and law performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?
The switch also serves as the DHCP server
The switch has the lowest MAC address
The switch has spanning tree loop protection enabled
The switch has the fastest uplink port
The switch has spanning tree loop protection enabled
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network.
Which of the following is the MOST likely method used to gain access to the other host?
Backdoor
Pivoting
Persistance
Logic bomb
Pivoting
A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?
Insider threats Privilege escalation Hacktivist Phishing through social media Corporate espionage
Insider threats
Which of the following is the BEST reason for salting a password hash before it is stored in a database?
To prevent duplicate values from being stored
To make the password retrieval process very slow
To protect passwords from being saved in readable format
To prevent users from using simple passwords for their access credentials
To prevent duplicate values from being stored
An audit has revealed that database administrators are also responsible for auditing database changes and
backup logs. Which of the following access control methodologies would BEST mitigate this concern?
Time of day restrictions
Principle of least privilege
Role-based access control
Separation of duties
Separation of duties
A security administrator determined that users within the company are installing unapproved software.
Company policy dictates that only certain applications may be installed or ran on the user’s computers without
exception. Which of the following should the administrator do to prevent all unapproved software from running on the user’s computer?
Deploy antivirus software and configure it to detect and remove pirated software
Configure the firewall to prevent the downloading of executable files
Create an application whitelist and use OS controls to enforce it
Prevent users from running as administrator so they cannot install software.
Create an application whitelist and use OS controls to enforce it.
Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file
server. Which of the following should the analyst implement on the system to BEST meet this requirement?
Enable and configure EFS on the file system.
Ensure the hardware supports TPM, and enable it in the BIOS.
Ensure the hardware supports VT-X, and enable it in the BIOS.
Enable and configure BitLocker on the drives.
Enable and configure DFS across the file system.
Ensure the hardware supports TPM, and enable it in the BIOS
Enable and configured bitlocker on the drives.
A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system
administrator has been given the following log files from the VPN, corporate firewall and workstation host.
Which of the following is preventing the remote user from being able to access the workstation?
Network latency is causing remote desktop service request to time out
User1 has been locked out due to too many failed passwords
Lack of network time synchronization is causing authentication mismatches
The workstation has been compromised and is accessing known malware sites
The workstation host firewall is not allowing remote desktop connections
User1 has been locked out due to too many failed passwords
When generating a request for a new x.509 certificate for securing a website, which of the following is the
MOST appropriate hashing algorithm?
RC4
MD5
HMAC
SHA
MD5
Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced
slowness and input lag and found text files that appear to contain pieces of her emails or online conversations
with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?
Ransomware
Rootkit
Backdoor
Keylogger
Keylogger
When designing a web based client server application with single application server and database cluster
backend, input validation should be performed:
On the client
Using database stored procedures
On the application server
Using HTTPS
On the application server
A security administrator needs to address the following audit recommendations for a public-facing SFTP
server:
Users should be restricted to upload and download files to their own home directories only.
Users should not be allowed to use interactive shell login.
Which of the following configuration parameters should be implemented? (Select TWO).
PermitTunnel ChrootDirectory PermitTTY AllowTcpForwarding IgnoreRhosts
ChrootDirectory
PermitTTY
Which of the following strategies should a systems architect use to minimize availability risks due to
insufficient storage capacity?
High availability
Scalability
Distributive allocation
Load balancing
Scalability
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?
NAC
VLAN
DMZ
Subnet
DMZ
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)
Public key Shared key Elliptic curve MD5 Private key DES
Public key
Private key
Many employees are receiving email messages similar to the one shown below:
From IT department To employee Subject email quota exceeded Pease click on the following link
http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email
quotA. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs
have the following common elements; they all use HTTP, they all come from .info domains, and they all
contain the same URI. Which of the following should the security administrator configure on the corporate
content filter to prevent users from accessing the phishing URL, while at the same time minimizing false
positives?
A. BLOCK http://www.*.info/ B. DROP http:// "website.info/email.php?* C. Redirect http://www,*.Info/email.php?quota=*TOhttp://company.com/corporate_polict.html D. DENY http://*.info/email.php?quota=1Gb
D. DENY
http://*.info/email.php?quota=1Gb
A member of the admins group reports being unable to modify the “changes” file on a server.
The permissions on the file are as follows:
Permissions User Group File
-rwxrw-r–+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the
“changes” file?
The SELinux mode on the server is set to “enforcing.”
The SELinux mode on the server is set to “permissive.”
An FACL has been added to the permissions for the file.
The admins group does not have adequate permissions to access the file.
An FACL has been added to the permissions for the file.
A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will pro-vide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?
Put the VoIP network into a different VLAN than the existing data network.
Upgrade the edge switches from 10/100/1000 to improve network speed
Physically separate the VoIP phones from the data network
Implement flood guards on the data network
Put the VoIP network into a different VLAN than the existing data network
A company would like to prevent the use of a known set of applications from being used on company
computers. Which of the following should the security administrator implement?
Whitelisting Anti-malware Application hardening Blacklisting Disable removable media
Blacklisting
A vice president at a manufacturing organization is concerned about desktops being connected to the network.
Employees need to log onto the desktops’ local account to verify that a product is being created within
specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST
way to accomplish this?
Put the desktops in the DMZ.
Create a separate VLAN for the desktops.
Air gap the desktops.
Join the desktops to an ad-hoc network.
Air gap the desktops
During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?
Network mapping
Vulnerability scan
Port Scan
Protocol analysis
Vulnerability scan
A network administrator adds an ACL to allow only HTTPS connections form host 192.168.2.3 to web server 192.168.5.2. After applying the rule, the host is unable to access the server.
The network administrator runs the output and notices the configuration below:
Which of the following rules would be BEST to resolve the issue?
Option A
Option B
Option C
Option D
Option A
A company’s loss control department identifies theft as a recurring loss type over the past year. Based on the
department’s report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which
of the following controls should be implemented?
Biometrics
Cameras
Motion detectors
Mantraps
Motion detectors
Which of the following penetration testing concepts is being used when an attacker uses public Internet
databases to enumerate and learn more about a target?
Reconnaissance Initial exploitation Pivoting Vulnerability scanning White box testing
Reconnaissance
After a security incident, management is meeting with involved employees to document the incident and its
aftermath. Which of the following BEST describes this phase of the incident response process?
Lessons learned
Recovery
Identification
Preparation
Lessons learned
A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN.
Which of the following commands should the security administrator implement within the script to accomplish
this task?
arp - s 192.168.1.1 00-3a-d1-fa-b1-06
dig - x@192.168.1.1 mypc.comptia.com
nmap - A - T4 192.168.1.1
tcpdump - lnv host 192.168.1.1 or either 00:3a:d1:fa:b1:06
arp - s 192.168.1.1 00-3a-d1-fa-b1-06
A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. Which of the following BEST describes the type of scan being performed?
Non-intrusive
Authenticated
Credentialed
Active
Credentialed
The computer resource center issued smartphones to all first-level and above managers. The managers have
the ability to install mobile tools. Which of the following tools should be implemented to control the types of
tools the managers install?
Download manager
Content manager
Segmentation manager
Application manager
Application manager
A security analyst is working on a project that requires the implementation of a stream cipher. Which of the
following should the analyst use?
Hash function
Elliptic curve
Symmetric algorithm
Public key cryptography
Symmetric algorithm
A security analyst is investigating a security breach. Upon inspection of the audit an access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username “gotcha” and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)
Logic bomb Backdoor Keylogger Netstat Tracert Ping
Backdoor
Netstat
A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender’s private key? (Select TWO)
Non-repudiation Email content encryption Steganography Transport security Message integrity
Non-repudiation
Message integrity
An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to:
Asymmetric encryption
Out-of-band key exchange
Perfect forward secrecy
Secure key escrow
Perfect forward secrecy
In determining when it may be necessary to perform a credentialed scan against a system instead of a
noncredentialed scan, which of the following requirements is MOST likely to influence this decision?
The scanner must be able to enumerate the host OS of devices scanned.
The scanner must be able to footprint the network.
The scanner must be able to check for open ports with listening services.
The scanner must be able to audit file system permissions
The scanner must be able to audit files system permissions
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)
Disable the compromised accounts
Update WAF rules to block social networks
Remove the compromised accounts with all AD groups
Change the compromised accounts’ passwords
Disable the open relay on the email server
Enable sender policy framework
Disable the open relay on the email server
Enable sender policy framework
Which of the following is commonly done as part of a vulnerability scan?
Exploiting misconfigured applications
Cracking employee passwords
Sending phishing emails to employees
Identifying unpatched workstations
Identifying unpatched workstations
An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?
Make a copy of everything in memory on the workstation.
Turn off the workstation.
Consult information security policy.
Run a virus scan.
Make a copy of everything in memory on the workstation
A website administrator has received an alert from an application designed to check the integrity of the
company’s website. The alert indicated that the hash value for a particular MPEG file has changed. Upon
further investigation, the media appears to be the same as it was before the alert. Which of the following
methods has MOST likely been used?
Cryptography Time of check/time of use Man in the middle Covert timing Steganography
Steganography
The administrator installs database software to encrypt each field as it is written to disk.
Which of the following describes the encrypted data?
In-transit
In-use
Embedded
At-rest
In-use
A security administrator wants to configure a company’s wireless network in a way that will prevent wireless clients from broadcasting the company’s SSID. Which of the following should be configured on the
company’s access points?
Enable ESSID broadcast Enable protected management frames Enable wireless encryption Disable MAC authentication Disable WPS Disable SSID broadcast
Disable SSID broadcast
After surfing the Internet, Joe, a user, woke up to find all his files were corrupted. His wallpaper was replaced
by a message stating the files were encrypted and he needed to transfer money to a foreign country to recover them. Joe is a victim of:
a keylogger
spyware
ransomware
a logic bomb
Ransomeware
A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual
authentication. Which of the following should the engineer implement if the design requires client MAC
address to be visible across the tunnel?
Tunnel mode IPSec
Transport mode VPN IPSec
L2TP
SSL VPN
SSL VPN
A security administrator receives an alert from a third-party vendor that indicates a certificate that was
installed in the browser has been hijacked at the root of a small public CA. The security administrator knows
there are at least four different browsers in use on more than a thousand computers in the domain worldwide.
Which of the following solutions would be BEST for the security administrator to implement to most
efficiently assist with this issue?
SSL
CRL
PKI
ACL
CRL
While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)
Minimum complexity Maximum age limit Maximum length Minimum length Minimum age limit Minimum re-use limit
Maximum complexity
Minimum length
Which of the following could occur when both strong and weak ciphers are configured on a VPN
concentrator? (Select TWO)
An attacker could potentially perform a downgrade attack.
The connection is vulnerable to resource exhaustion.
The integrity of the data could be at risk.
The VPN concentrator could revert to L2TP.
The IPSec payload reverted to 16-bit sequence numbers.
An attacker could potentially perform a downgrade attack.
The IPSec payload reverted to 16-bit sequence numbers.
The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems.
The help desk is receive reports that users are experiencing the following error when attempting to log in to their previous system:
Logon Failure: Access Denied
Which of the following can cause this issue?
Permission issues
Access violations
Certificate issues
Misconfigured devices
Certificate issues
The security administrator has noticed cars parking just outside of the building fence line. Which of the
following security measures can the administrator use to help protect the company’s WiFi network against war driving? (Select TWO)
Create a honeynet Reduce beacon rate Add false SSIDs Change antenna placement Adjust power level controls Implement a warning banner
Change antenna placement
Adjust power level controls
A security administrator is reviewing the following network capture:
192.168.20.43:2043 -> 10.234.66.21:80
POST “192.168.20.43 https://www.banksite.comJoeUsrerPassword”
Which of the following malware is MOST likely to generate the above information?
Keylogger
Ransomware
Logic bomb
Adware
Keylogger
As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this?
Require the use of an eight-character PIN.
Implement containerization of company data.
Require annual AUP sign-off.
Use geofencing tools to unlock devices while on the premises.
Implement containerization of company data.
A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack?
Faraday cage
Smart cards
Infrared detection
Alarms
Faraday cage
An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?
DES Blowfish DSA Diffie-Hellman 3DES
Diffie-Hellman
An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following
actions will help detect attacker attempts to further alter log files?
Enable verbose system logging
Change the permissions on the user’s home directory
Implement remote syslog
Set the bash_history log file to “read only”
Implement remote syslog
A web developer improves client access to the company’s REST API. Authentication needs to be tokenized but not expose the client’s password. Which of the following methods would BEST meet the developer’s requirements?
SAML
LDAP
OAuth
Shibboleth
SAML
A security analyst captures forensic evidence from a potentially compromised system for further investigation.
The evidence is documented and securely stored to FIRST:
maintain the chain of custody.
preserve the data.
obtain a legal hold.
recover data at a later time.
Preserve the data
A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the
following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?
Firmware version control Manual software upgrades Vulnerability scanning Automatic updates Network segmentation Application firewalls
Firmware version control
and
Automatic updates
Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO)
XOR PBKDF2 bcrypt HMAC RIPEMD
PBKDF2
and
bcrypt
A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered
an information loss breach. Which of the following is MOST likely the cause?
Insufficient key bit length
Weak cipher suite
Unauthenticated encryption method
Poor implementation
Poor implementation
An attack that is using interference as its main attack to impede network traffic is which of the following?
Introducing too much data to a targets memory allocation
Utilizing a previously unknown security flaw against the target
Using a similar wireless configuration of a nearby network
Inundating a target system with SYN requests
Using a similar wireless configuration of a nearby network
Ann, a college professor, was recently reprimanded for posting disparaging remarks regrading her coworkers
on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the
following security-related training could have made Ann aware of the repercussions of her actions?
Data Labeling and disposal
Use of social networking
Use of P2P networking
Role-based training
Use of social networking
A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the
supervisor terminates an employee as a result of the suspected data loss. During the investigation, the
supervisor is absent for the interview, and little evidence can be provided form the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?
Job rotation
Log failure
Lack of training
Insider threat
Log failure
Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?
Full backup
Incremental backup
Differential backup
Snapshot
Differential backup
An actor downloads and runs a program against a corporate login page. The program imports a list of
usernames and passwords, looking for a successful attempt.
Which of the following terms BEST describes the actor in this situation?
Script kiddie
Hacktivist
Cryptologist
Security auditor
Script kiddie
A security analyst is reviewing the following packet capture of an attack directed at a company’s server located in the DMZ:
Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption?
DENY TCO From ANY to 172.31.64.4
Deny UDP from 192.168.1.0/24 to 172.31.67.0/24
Deny IP from 192.168.1.10/32 to 0.0.0.0/0
Deny TCP from 192.168.1.10 to 172.31.67.4
Deny TCP from 192.168.1.10 to 172.31.67.4
Which of the following could help detect trespassers in a secure facility? (Select TWO)
Faraday cages Motion-detection sensors Tall, chain-link fencing Security guards Smart cards
Motion-detection sensors
and
Security guards
An organization wants to utilize a common, Internet-based third-party provider for authorization and
authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of
the following technologies is the provider referring?
Open ID Connect
SAML
XACML
LDAP
Open ID Connect
A penetration tester harvests potential usernames from a social networking site. The penetration tester then
uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a
network server.
Which of the following methods is the penetration tester MOST likely using?
Escalation of privilege
SQL injection
Active reconnaissance
Proxy server
Active reconnaissance
An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users?
Create an ACL to allow the FTP service write access to user directories
Set the Boolean selinux value to allow FTP home directory uploads
Reconfigure the ftp daemon to operate without utilizing the PSAV mode
Configure the FTP daemon to utilize PAM authentication pass through user permissions
Create an ACL to allow the FTP service write access to user directories
Which of the following allows an application to securely authenticate a user by receiving credentials from a
web domain?
TACACS+
RADIUS
Kerberos
SAML
SAML
A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol?
TLS
MPLS
SCP
SSH
TLS
During a third-party audit, it is determined that a member of the firewall team can request, approve, and
implement a new rule-set on the firewall. Which of the following will the audit team most l likely recommend
during the audit out brief?
Discretionary access control for the firewall team
Separation of duties policy for the firewall team
Least privilege for the firewall team
Mandatory access control for the firewall team
Separation of duties policy for the firewall team
Which of the following allows an auditor to test proprietary-software compiled code for security flaws?
Fuzzing
Static review
Code signing
Regression testing
Fuzzing
An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?
Black box
White box
Passive reconnaissance
Vulnerability scan
Black box
A company recently replaced its unsecure email server with a cloud-based email and collaboration solution
that is managed and insured by a third party. Which of the following actions did the company take regarding
risks related to its email and collaboration services?
Transference
Acceptance
Mitigation
Deterrence
Transferance
A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company’s aging
systems are unable to keep up with customer demand. Which of the following cloud models will the company
MOST likely select?
PaaS
SaaS
IaaS
BaaS
IaaS
A security administrator suspects that data on a server has been exhilarated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO)
Networking access control DLP alerts Log analysis File integrity monitoring Host firewall rules
DLP alerts
and
Log analysis
A datacenter manager has been asked to prioritize critical system recovery priorities.
Which of the following is the MOST critical for immediate recovery?
Communications software
Operating system software
Weekly summary reports to management
Financial and production software
Operating system software
Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security.
Which of the following authentication methods should be deployed to achieve this goal?
PIN Security Smart card Passphrase CAPTCHA
Smart card
Which of the following is the BEST choice for a security control that represents a preventive and corrective
logical control at the same time?
Security awareness training
Antivirus
Firewalls
Intrusion detection system
Antivirus
