Topic 4 Flashcards

1
Q

The help desk is receiving numerous password change alerts from users in the accounting department. These
alerts occur multiple times on the same day for each of the affected users’ accounts. Which of the following
controls should be implemented to curtail this activity?

Password Reuse
Password complexity
Password History
Password Minimum age

A

Password minimum age

2
Q

Six months into development, the core team assigned to implement a new internal piece of software must
convene to discuss a new requirement with the stakeholders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company is doing?

The system integration phase of the SDLC
The system analysis phase of SSDSLC
The system design phase of the SDLC
The system development phase of the SDLC

A

The system analysis phase of SSDSLC

3
Q

A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the
following techniques would BEST describe the approach the analyst has taken?

Compliance scanning
Credentialed scanning
Passive vulnerability scanning
Port scanning

A

Passive vulnerability scanning (a tap only observes traffic already on the wire; port scanning and credentialed scanning actively probe or log in to hosts)

4
Q

While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?

Vulnerability scanner
Offline password cracker
Packet sniffer
Banner grabbing

A

Packet sniffer

5
Q

An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?

SaaS
CASB
IaaS
PaaS

A

PaaS (the provider manages the back-end runtime and the customer deploys its own applications on it; a CASB is a policy enforcement point between users and cloud services, not a service model)

6
Q

The POODLE attack is an MITM exploit that affects:

TLS1.0 with CBC mode cipher
SSLv2.0 with CBC mode cipher
SSLv3.0 with CBC mode cipher
SSLv3.0 with ECB mode cipher

A

SSLv3.0 with CBC mode cipher

7
Q

Which of the following techniques can bypass a user's or computer's web browser privacy settings? (Select TWO)

SQL injection
Session hijacking
Cross-site scripting
Locally shared objects
LDAP injection
A

Session hijacking

Locally shared objects (Flash cookies are stored outside the browser's cookie jar, so clearing cookies or blocking third-party cookies does not remove them)

8
Q

A network technician is trying to determine the source of an ongoing network based attack. Which of the
following should the technician use to view IPv4 packet data on a particular internal network segment?

Proxy
Protocol analyzer
Switch
Firewall

A

Protocol analyzer

9
Q

To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)

ARO
ROI
RPO
SLE
RTO
A

ARO (Annualized Rate of Occurrence); ALE = SLE x ARO

SLE (Single-loss expectancy)

10
Q

A security administrator needs an external vendor to correct an urgent issue with an organization’s physical
access control system (PACS). The PACS does not currently have internet access because it is running a
legacy operating system.
Which of the following methods should the security administrator select that best balances security and
efficiency?

Temporarily permit outbound internet access for the PACS so desktop sharing can be set up

Have the external vendor come onsite and provide access to the PACS directly

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

Set up a web conference on the administrator's PC; then remotely connect to the PACS

A

Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing

11
Q

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:

Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control

A

Discretionary access control

12
Q

The IT department needs to prevent users from installing untested applications.
Which of the following would provide the BEST solution?

Job rotation
Least privilege
Account lockout
Antivirus

A

Least privilege

13
Q

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to log on to network devices using their LDAP credentials. All commands executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?

LDAP server 10.55.199.3
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
SYSLOG SERVER 172.16.23.50
TACACS+ server 192.168.1.100

A

TACACS+ server 192.168.1.100 (TACACS+ separates authentication, per-command authorization and accounting; the LDAP server only authenticates, the DN only names a directory object, and syslog only logs)

14
Q

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?

Header manipulation
Cookie hijacking
Cross-site scripting
Xml injection

A

Header manipulation

15
Q

Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)

Block level encryption
SAML authentication
Transport encryption
Multifactor authentication
Predefined challenge
Hashing
A

SAML Authentication

Multifactor authentication

16
Q

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet-connected
security zones or interfaces on a firewall?

Egress traffic is more important than ingress traffic for malware prevention
To rebalance the amount of outbound traffic and inbound traffic
Outbound traffic could be communicating to known botnet sources
To prevent DDoS attacks originating from external network

A

Outbound traffic could be communicating to known botnet sources (egress filtering catches command-and-control beacons and data exfiltration from already-compromised hosts; it does nothing to balance traffic or stop inbound DDoS)

17
Q

Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?

Remote exploit
Amplification
Sniffing
Man-in-the-middle

A

Remote exploit

18
Q

An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?

Abnormally high numbers of outgoing instant messages that contain obfuscated text

Large-capacity USB drives on the tester’s desk with encrypted zip files

Outgoing emails containing unusually large image files

Unusual SFTP connections to a consumer IP address

A

Outgoing emails containing unusually large image files

19
Q

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based
authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?

Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation

A

Use of smartcards that store x.509 keys, signed by a global CA (the client private key never leaves the card, so an interception device on the path cannot obtain it or replay the client-certificate authentication; a federated or SAML login still sends a credential or assertion through the inspected channel)

20
Q

Which of the following can be used to control specific commands that can be executed on a network
infrastructure device?

LDAP
Kerberos
SAML
TACACS+

A

TACACS+

21
Q

A wireless network has the following design requirements:

Authentication must not be dependent on enterprise directory service
It must allow background reconnection for mobile users
It must not depend on user certificates
Which of the following should be used in the design to meet the requirements? (Choose two.)

PEAP
PSK
Open systems authentication
EAP-TLS
Captive portals
A

PSK

Captive portals

22
Q

A security analyst is updating a BIA document. The security analyst notices the support vendor’s time to
replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the
following can be concluded? (Select TWO)

The MTTR is faster.
The MTTR is slower.
The RTO has increased.
The RTO has decreased.
The MTTF has increased.
The MTTF has decreased.
A

The MTTR is faster

The RTO has decreased

23
Q

A new hire wants to use a personally owned phone to access company resources. The new hire expresses
concern about what happens to the data on the phone when they leave the company. Which of the following
portions of the company’s mobile device management configuration would allow the company data to be
removed from the device without touching the new hire’s data?

Asset control
Device access control
Storage lock out
Storage segmentation

A

Storage segmentation (corporate data is kept in its own partition or container, so a selective wipe removes only that segment and leaves the employee's personal data untouched)

24
Q

A consultant has been tasked to assess a client's network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and low-performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?

The switch also serves as the DHCP server
The switch has the lowest MAC address
The switch has spanning tree loop protection enabled
The switch has the fastest uplink port

A

The switch has the lowest MAC address (with all switches at the default bridge priority, the root is chosen by the lowest MAC address, which is typically the oldest hardware; set a lower priority on the intended core switch to fix it)

25
Q

A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network.
Which of the following is the MOST likely method used to gain access to the other host?

Backdoor
Pivoting
Persistence
Logic bomb

A

Pivoting

26
Q

A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?

Insider threats
Privilege escalation
Hacktivist
Phishing through social media
Corporate espionage
A

Insider threats

27
Q

Which of the following is the BEST reason for salting a password hash before it is stored in a database?

To prevent duplicate values from being stored
To make the password retrieval process very slow
To protect passwords from being saved in readable format
To prevent users from using simple passwords for their access credentials

A

To prevent duplicate values from being stored

28
Q

An audit has revealed that database administrators are also responsible for auditing database changes and
backup logs. Which of the following access control methodologies would BEST mitigate this concern?

Time of day restrictions
Principle of least privilege
Role-based access control
Separation of duties

A

Separation of duties

29
Q

A security administrator determined that users within the company are installing unapproved software.
Company policy dictates that only certain applications may be installed or run on the users' computers without
exception. Which of the following should the administrator do to prevent all unapproved software from running on the users' computers?

Deploy antivirus software and configure it to detect and remove pirated software
Configure the firewall to prevent the downloading of executable files
Create an application whitelist and use OS controls to enforce it
Prevent users from running as administrator so they cannot install software.

A

Create an application whitelist and use OS controls to enforce it.

30
Q

Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file
server. Which of the following should the analyst implement on the system to BEST meet this requirement?

Enable and configure EFS on the file system.
Ensure the hardware supports TPM, and enable it in the BIOS.
Ensure the hardware supports VT-X, and enable it in the BIOS.
Enable and configure BitLocker on the drives.
Enable and configure DFS across the file system.

A

Ensure the hardware supports TPM, and enable it in the BIOS

Enable and configure BitLocker on the drives.

31
Q

A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system
administrator has been given the following log files from the VPN, corporate firewall and workstation host.
Which of the following is preventing the remote user from being able to access the workstation?

Network latency is causing remote desktop service request to time out
User1 has been locked out due to too many failed passwords
Lack of network time synchronization is causing authentication mismatches
The workstation has been compromised and is accessing known malware sites
The workstation host firewall is not allowing remote desktop connections

A

User1 has been locked out due to too many failed passwords

32
Q

When generating a request for a new x.509 certificate for securing a website, which of the following is the
MOST appropriate hashing algorithm?

RC4
MD5
HMAC
SHA

A

SHA (in practice SHA-256; MD5 is collision-broken and public CAs reject MD5-signed requests, RC4 is a stream cipher, and HMAC is a keyed MAC rather than a certificate signature hash)

33
Q

Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced
slowness and input lag and found text files that appear to contain pieces of her emails or online conversations
with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?

Ransomware
Rootkit
Backdoor
Keylogger

A

Keylogger

34
Q

When designing a web based client server application with single application server and database cluster
backend, input validation should be performed:

On the client
Using database stored procedures
On the application server
Using HTTPS

A

On the application server

35
Q

A security administrator needs to address the following audit recommendations for a public-facing SFTP
server:

Users should be restricted to upload and download files to their own home directories only.
Users should not be allowed to use interactive shell login.
Which of the following configuration parameters should be implemented? (Select TWO).

PermitTunnel
ChrootDirectory
PermitTTY
AllowTcpForwarding
IgnoreRhosts
A

ChrootDirectory

PermitTTY
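As an added example (not part of the flashcard), this is how the two options fit into a real OpenSSH configuration. The group name, the chroot path and the ForceCommand line are assumptions: ForceCommand is not among the answer choices, but without it a user whose login shell is /bin/bash can still run commands over the SSH connection even with PermitTTY set to no.

```sshd_config
# Added example, not from the flashcard. Assumes SFTP users are members of a
# group named "sftponly" and that each /srv/sftp/<user> directory is owned by
# root and not group- or world-writable, which sshd requires for ChrootDirectory.
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    PermitTTY no
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no
```

Check the file with `sshd -t` before reloading. Because the chroot root must be root-owned, the user's writable upload area is a subdirectory inside it (for example /srv/sftp/alice/files owned by alice), which is what "their own home directories only" looks like in practice.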

36
Q

Which of the following strategies should a systems architect use to minimize availability risks due to
insufficient storage capacity?

High availability
Scalability
Distributive allocation
Load balancing

A

Scalability

37
Q

Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?

NAC
VLAN
DMZ
Subnet

A

DMZ

38
Q

Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)

Public key
Shared key
Elliptic curve
MD5
Private key
DES
A

Shared key

MD5 (RADIUS hides the User-Password attribute by XORing it with an MD5 digest of the shared secret and the Request Authenticator; it does not use public-key cryptography, which is why RADIUS traffic should also be confined to a protected management network or wrapped in IPsec)

39
Q

Many employees are receiving email messages similar to the one shown below:
From: IT department
To: employee
Subject: email quota exceeded
Please click on the following link http://www.website.info/email.php?quota=1Gb and provide your username and password to increase your email quota.

Upon reviewing other similar emails, the security administrator realized that all the phishing URLs
have the following common elements: they all use HTTP, they all come from .info domains, and they all
contain the same URI. Which of the following should the security administrator configure on the corporate
content filter to prevent users from accessing the phishing URL, while at the same time minimizing false
positives?

A. BLOCK http://www.*.info/
B. DROP http://website.info/email.php?*
C. REDIRECT http://www.*.info/email.php?quota=* TO http://company.com/corporate_policy.html
D. DENY http://*.info/email.php?quota=1Gb
A

D. DENY

http://*.info/email.php?quota=1Gb
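As an added example (not part of the flashcard), the following Python scores each of the four candidate rules against constructed traffic: three campaign URLs that share the scheme, TLD and URI but differ in hostname, and three legitimate URLs that must stay reachable. The glob semantics (only `*` is a wildcard, matching is a case-insensitive prefix match) are an assumption about how the content filter interprets its rules; real products differ, so check the vendor's pattern syntax before copying a rule.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str
    pattern: str  # content-filter glob: '*' matches any run of characters


# The four candidate rules from the flashcard (option C's redirect target does
# not affect matching and is omitted).
RULES = {
    "A": Rule("BLOCK", "http://www.*.info/"),
    "B": Rule("DROP", "http://website.info/email.php?*"),
    "C": Rule("REDIRECT", "http://www.*.info/email.php?quota=*"),
    "D": Rule("DENY", "http://*.info/email.php?quota=1Gb"),
}

# Constructed traffic: three campaign URLs (same scheme, TLD and URI, different
# hostnames) and three URLs that must not be blocked.
PHISHING = [
    "http://www.website.info/email.php?quota=1Gb",
    "http://www.mail-support.info/email.php?quota=1Gb",
    "http://helpdesk.info/email.php?quota=1Gb",
]
LEGITIMATE = [
    "http://www.example.info/about/",
    "http://www.library.info/catalog",
    "http://www.example.com/email.php?quota=1Gb",
]


def glob_to_regex(pattern: str):
    """Compile a filter glob to an anchored-prefix, case-insensitive regex.

    Only '*' is a wildcard; '?' and '.' are literal (unlike fnmatch), so
    'email.php?quota' matches exactly that text. Prefix matching mirrors how
    URL filters usually treat a rule without a trailing wildcard.
    """
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts), re.IGNORECASE)


def matches(rule: Rule, url: str) -> bool:
    return glob_to_regex(rule.pattern).match(url) is not None


def false_positives(rule: Rule, legitimate_urls):
    """Legitimate URLs the rule would wrongly act on."""
    return [u for u in legitimate_urls if matches(rule, u)]


def misses(rule: Rule, phishing_urls):
    """Campaign URLs the rule lets through."""
    return [u for u in phishing_urls if not matches(rule, u)]


def scorecard(rules=RULES, phishing=PHISHING, legitimate=LEGITIMATE):
    """Per option: (false positive count, miss count)."""
    return {
        key: (len(false_positives(rule, legitimate)), len(misses(rule, phishing)))
        for key, rule in rules.items()
    }


if __name__ == "__main__":
    for key, (fp, miss) in scorecard().items():
        print(f"option {key}: {RULES[key].action:8} false positives={fp} misses={miss}")
```

On this sample, option A blocks every www.*.info site and still misses a campaign host without a www label, option B matches nothing because the observed URL carries a www prefix, option C has no false positives but also misses the non-www host, and option D matches all three campaign URLs with no false positives because it keys on every element the administrator actually observed.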

40
Q

A member of the admins group reports being unable to modify the “changes” file on a server.
The permissions on the file are as follows:

Permissions User Group File
-rwxrw-r--+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the
“changes” file?

The SELinux mode on the server is set to “enforcing.”
The SELinux mode on the server is set to “permissive.”
An FACL has been added to the permissions for the file.
The admins group does not have adequate permissions to access the file.

A

An FACL has been added to the permissions for the file.

41
Q

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?

Put the VoIP network into a different VLAN than the existing data network.
Upgrade the edge switches from 10/100/1000 to improve network speed
Physically separate the VoIP phones from the data network
Implement flood guards on the data network

A

Put the VoIP network into a different VLAN than the existing data network

42
Q

A company would like to prevent the use of a known set of applications from being used on company
computers. Which of the following should the security administrator implement?

Whitelisting
Anti-malware
Application hardening
Blacklisting
Disable removable media
A

Blacklisting

43
Q

A vice president at a manufacturing organization is concerned about desktops being connected to the network.
Employees need to log onto the desktops’ local account to verify that a product is being created within
specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST
way to accomplish this?

Put the desktops in the DMZ.
Create a separate VLAN for the desktops.
Air gap the desktops.
Join the desktops to an ad-hoc network.

A

Air gap the desktops

44
Q

During a recent audit, it was discovered that many services and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?

Network mapping
Vulnerability scan
Port Scan
Protocol analysis

A

Vulnerability scan

45
Q

A network administrator adds an ACL to allow only HTTPS connections from host 192.168.2.3 to web server 192.168.5.2. After applying the rule, the host is unable to access the server.
The network administrator runs the output and notices the configuration below:
Which of the following rules would be BEST to resolve the issue?

Option A
Option B
Option C
Option D

A

Option A

46
Q

A company’s loss control department identifies theft as a recurring loss type over the past year. Based on the
department’s report, the Chief Information Officer (CIO) wants to detect theft of datacenter equipment. Which
of the following controls should be implemented?

Biometrics
Cameras
Motion detectors
Mantraps

A

Cameras (the requirement is to detect theft, which means recording who removed what and when; motion detectors only signal presence, and biometrics and mantraps are preventive access controls)

47
Q

Which of the following penetration testing concepts is being used when an attacker uses public Internet
databases to enumerate and learn more about a target?

Reconnaissance
Initial exploitation
Pivoting
Vulnerability scanning
White box testing
A

Reconnaissance

48
Q

After a security incident, management is meeting with involved employees to document the incident and its
aftermath. Which of the following BEST describes this phase of the incident response process?

Lessons learned
Recovery
Identification
Preparation

A

Lessons learned

49
Q

A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN.
Which of the following commands should the security administrator implement within the script to accomplish
this task?

arp -s 192.168.1.1 00-3a-d1-fa-b1-06
dig -x @192.168.1.1 mypc.comptia.com
nmap -A -T4 192.168.1.1
tcpdump -lnv host 192.168.1.1 or ether 00:3a:d1:fa:b1:06

A

arp -s 192.168.1.1 00-3a-d1-fa-b1-06 (a static ARP entry pins the default gateway's MAC address so spoofed ARP replies are ignored; the other three commands only query or observe the network)

50
Q

A vulnerability scan is being conducted against a desktop system. The scan is looking for files, versions, and registry values known to be associated with system vulnerabilities. Which of the following BEST describes the type of scan being performed?

Non-intrusive
Authenticated
Credentialed
Active

A

Credentialed

51
Q

The computer resource center issued smartphones to all first-level and above managers. The managers have
the ability to install mobile tools. Which of the following tools should be implemented to control the types of
tools the managers install?

Download manager
Content manager
Segmentation manager
Application manager

A

Application manager

52
Q

A security analyst is working on a project that requires the implementation of a stream cipher. Which of the
following should the analyst use?

Hash function
Elliptic curve
Symmetric algorithm
Public key cryptography

A

Symmetric algorithm

53
Q

A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username "gotcha" and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)

Logic bomb
Backdoor
Keylogger
Netstat
Tracert
Ping
A

Backdoor

Netstat
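As an added example (not part of the flashcard), the following Python performs the two checks the answer implies: it parses a passwd file and flags any account other than root with UID 0 (the "gotcha" backdoor), and it parses `netstat -tn` output to list established TCP connections to addresses outside private space, which is what the analyst would look for to decide whether the intrusion is still live. Both inputs are constructed samples; the foreign address and port in the netstat sample are assumptions for the example.

```python
import ipaddress

# Constructed sample /etc/passwd, including the "gotcha" entry from the flashcard.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
gotcha:x:0:0::/:/bin/sh
"""

# Constructed sample of `netstat -tn` output. The 203.0.113.7:4444 endpoint is
# an assumed attacker address (documentation range) for the example.
NETSTAT_SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:22             10.0.0.20:51234         ESTABLISHED
tcp        0      0 10.0.0.5:44321          203.0.113.7:4444        ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.9:33012      TIME_WAIT
"""

# RFC 1918 plus loopback. Listed explicitly because ipaddress.is_private also
# treats documentation ranges such as 203.0.113.0/24 as private.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def parse_passwd(text):
    """Parse passwd(5) lines into dicts; malformed lines are skipped, not guessed at."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        if not uid.isdigit() or not gid.isdigit():
            continue
        entries.append(
            {"name": name, "passwd": pw, "uid": int(uid), "gid": int(gid),
             "gecos": gecos, "home": home, "shell": shell}
        )
    return entries


def rogue_superusers(entries, legitimate=("root",)):
    """Names of UID 0 accounts other than the expected superuser(s)."""
    return [e["name"] for e in entries if e["uid"] == 0 and e["name"] not in legitimate]


def external_established(netstat_text):
    """Foreign endpoints of ESTABLISHED TCP connections outside private/loopback space."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6") or parts[5] != "ESTABLISHED":
            continue
        foreign = parts[4]
        host, _, _port = foreign.rpartition(":")
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in PRIVATE_NETS):
            found.append(foreign)
    return found


if __name__ == "__main__":
    print("UID 0 accounts besides root:", rogue_superusers(parse_passwd(PASSWD_SAMPLE)))
    print("external established sessions:", external_established(NETSTAT_SAMPLE))
```

On a live host, feed the functions `open("/etc/passwd").read()` and the output of `netstat -tn` (or `ss -tn`, whose columns differ and would need a different parser). Remember that netstat on a compromised host can itself be replaced by a rootkit, so corroborate with a capture from a network tap or the firewall's connection table.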

54
Q

A user needs to send sensitive information to a colleague using PKI. Which of the following concepts apply when a sender encrypts the message hash with the sender’s private key? (Select TWO)

Non-repudiation
Email content encryption
Steganography
Transport security
Message integrity
A

Non-repudiation

Message integrity

55
Q

An attacker captures the encrypted communication between two parties for a week, but is unable to decrypt the messages. The attacker then compromises the session key during one exchange and successfully compromises a single message. The attacker plans to use this key to decrypt previously captured and future communications, but is unable to. This is because the encryption scheme in use adheres to:

Asymmetric encryption
Out-of-band key exchange
Perfect forward secrecy
Secure key escrow

A

Perfect forward secrecy

56
Q

In determining when it may be necessary to perform a credentialed scan against a system instead of a
noncredentialed scan, which of the following requirements is MOST likely to influence this decision?

The scanner must be able to enumerate the host OS of devices scanned.
The scanner must be able to footprint the network.
The scanner must be able to check for open ports with listening services.
The scanner must be able to audit file system permissions

A

The scanner must be able to audit file system permissions (checking permissions, patch levels and registry or configuration values requires logging in to the host; OS fingerprinting, footprinting and open-port checks work unauthenticated from the network)

57
Q

Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are complaining of an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST? (Select TWO)

Disable the compromised accounts
Update WAF rules to block social networks
Remove the compromised accounts with all AD groups
Change the compromised accounts’ passwords
Disable the open relay on the email server
Enable sender policy framework

A

Disable the compromised accounts

Change the compromised accounts' passwords (containment of the accounts the attacker already controls comes first; SPF and relay settings reduce future spoofing but do nothing about the sessions and lockouts happening now)

58
Q

Which of the following is commonly done as part of a vulnerability scan?

Exploiting misconfigured applications
Cracking employee passwords
Sending phishing emails to employees
Identifying unpatched workstations

A

Identifying unpatched workstations

59
Q

An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server. Which of the following should a security analyst do FIRST?

Make a copy of everything in memory on the workstation.
Turn off the workstation.
Consult information security policy.
Run a virus scan.

A

Make a copy of everything in memory on the workstation

60
Q

A website administrator has received an alert from an application designed to check the integrity of the
company’s website. The alert indicated that the hash value for a particular MPEG file has changed. Upon
further investigation, the media appears to be the same as it was before the alert. Which of the following
methods has MOST likely been used?

Cryptography
Time of check/time of use
Man in the middle
Covert timing
Steganography
A

Steganography

61
Q

The administrator installs database software to encrypt each field as it is written to disk.
Which of the following describes the encrypted data?

In-transit
In-use
Embedded
At-rest

A

At-rest (data is encrypted as it is written to disk; data in use is what sits decrypted in memory while the application processes it)

62
Q

A security administrator wants to configure a company’s wireless network in a way that will prevent wireless clients from broadcasting the company’s SSID. Which of the following should be configured on the
company’s access points?

Enable ESSID broadcast
Enable protected management frames
Enable wireless encryption
Disable MAC authentication
Disable WPS
Disable SSID broadcast
A

Disable SSID broadcast

63
Q

After surfing the Internet, Joe, a user, woke up to find all his files were corrupted. His wallpaper was replaced
by a message stating the files were encrypted and he needed to transfer money to a foreign country to recover them. Joe is a victim of:

a keylogger
spyware
ransomware
a logic bomb

A

Ransomware

64
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual
authentication. Which of the following should the engineer implement if the design requires client MAC
address to be visible across the tunnel?

Tunnel mode IPSec
Transport mode VPN IPSec
L2TP
SSL VPN

A

L2TP (a layer 2 tunnel carries whole Ethernet frames, so client MAC addresses are visible across it; IPsec in tunnel or transport mode and SSL VPNs operate at layer 3 and above and do not preserve MAC addresses)

65
Q

A security administrator receives an alert from a third-party vendor that indicates a certificate that was
installed in the browser has been hijacked at the root of a small public CA. The security administrator knows
there are at least four different browsers in use on more than a thousand computers in the domain worldwide.
Which of the following solutions would be BEST for the security administrator to implement to most
efficiently assist with this issue?

SSL
CRL
PKI
ACL

A

CRL

66
Q

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)

Minimum complexity
Maximum age limit
Maximum length
Minimum length
Minimum age limit
Minimum re-use limit
A

Minimum complexity

Minimum length

67
Q

Which of the following could occur when both strong and weak ciphers are configured on a VPN
concentrator? (Select TWO)

An attacker could potentially perform a downgrade attack.
The connection is vulnerable to resource exhaustion.
The integrity of the data could be at risk.
The VPN concentrator could revert to L2TP.
The IPSec payload reverted to 16-bit sequence numbers.

A

An attacker could potentially perform a downgrade attack.

The integrity of the data could be at risk (if a negotiation can be pushed down to the weak cipher, the confidentiality and integrity protections of the strong one are lost; the L2TP and sequence-number options describe nothing that cipher negotiation causes)

68
Q

The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems.

The help desk is receiving reports that users are experiencing the following error when attempting to log in to their previous system:

Logon Failure: Access Denied
Which of the following can cause this issue?

Permission issues
Access violations
Certificate issues
Misconfigured devices

A

Permission issues ("Access Denied" at logon means the account is no longer allowed to log on to that machine, typically because the old system's logon rights or group membership were changed during the migration)

69
Q

The security administrator has noticed cars parking just outside of the building fence line. Which of the
following security measures can the administrator use to help protect the company’s WiFi network against war driving? (Select TWO)

Create a honeynet
Reduce beacon rate
Add false SSIDs
Change antenna placement
Adjust power level controls
Implement a warning banner
A

Change antenna placement

Adjust power level controls

70
Q

A security administrator is reviewing the following network capture:

192.168.20.43:2043 -> 10.234.66.21:80
POST “192.168.20.43 https://www.banksite.comJoeUsrerPassword”

Which of the following malware is MOST likely to generate the above information?

Keylogger
Ransomware
Logic bomb
Adware

A

Keylogger

71
Q

As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this?

Require the use of an eight-character PIN.
Implement containerization of company data.
Require annual AUP sign-off.
Use geofencing tools to unlock devices while on the premises.

A

Implement containerization of company data.

72
Q

A datacenter recently experienced a breach. When access was gained, an RF device was used to access an air-gapped and locked server rack. Which of the following would BEST prevent this type of attack?

Faraday cage
Smart cards
Infrared detection
Alarms

A

Faraday cage

73
Q

An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files, the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?

DES
Blowfish
DSA
Diffie-Hellman
3DES
A

Diffie-Hellman

74
Q

An administrator thinks the UNIX systems may be compromised, but a review of system log files provides no useful information. After discussing the situation with the security team, the administrator suspects that the attacker may be altering the log files and removing evidence of intrusion activity. Which of the following
actions will help detect attacker attempts to further alter log files?

Enable verbose system logging
Change the permissions on the user’s home directory
Implement remote syslog
Set the bash_history log file to “read only”

A

Implement remote syslog

75
Q

A web developer improves client access to the company’s REST API. Authentication needs to be tokenized but not expose the client’s password. Which of the following methods would BEST meet the developer’s requirements?

SAML
LDAP
OAuth
Shibboleth

A

OAuth

76
Q

A security analyst captures forensic evidence from a potentially compromised system for further investigation.
The evidence is documented and securely stored to FIRST:

maintain the chain of custody.
preserve the data.
obtain a legal hold.
recover data at a later time.

A

Preserve the data

77
Q

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the
following controls reduce the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles? (Select TWO)

Firmware version control
Manual software upgrades
Vulnerability scanning
Automatic updates
Network segmentation
Application firewalls
A

Firmware version control

and

Automatic updates

78
Q

Which of the following are used to increase the computing time it takes to brute force a password using an offline attack? (Select TWO)

XOR
PBKDF2
bcrypt
HMAC
RIPEMD
A

PBKDF2

and

bcrypt
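
What "increasing the computing time" looks like in code, as an added example that is not from the original flashcard set: password hashing with a configurable work factor using hashlib.pbkdf2_hmac from the Python standard library. The iteration count is stored beside the salt so it can be raised later, and a helper shows how the count multiplies an offline attacker's cost. The 600,000 default, the probe size and the "pbkdf2-sha256$" encoding are this example's own choices, not a standard format; bcrypt does the same job with a cost parameter of 2^n via the third-party bcrypt package, which is why both are correct answers above.

```python
"""PBKDF2 password storage with a tunable work factor (constructed example)."""
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

DEFAULT_ITERATIONS = 600_000   # assumption: tune so one hash takes ~100 ms on your servers


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2-sha256$<iterations>$<salt b64>$<key b64>'.
    A fixed salt may be passed only for deterministic tests."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2-sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2-sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    int(iters), dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def iterations_for_target(target_seconds: float, probe_iterations: int = 20_000) -> int:
    """Measure this host and scale the iteration count to the wanted delay."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"\x00" * 16, probe_iterations)
    elapsed = time.perf_counter() - start
    return max(1, int(probe_iterations * target_seconds / elapsed))


def brute_force_cost(stored: str, guesses: int) -> int:
    """PBKDF2 block computations an offline attacker needs for `guesses` candidates:
    the iteration count is a direct multiplier on their work."""
    return int(stored.split("$")[1]) * guesses


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("verify ok:", verify_password("correct horse battery staple", stored))
    print("iterations for 0.1 s here:", iterations_for_target(0.1))
    print("work for 10^6 guesses:", brute_force_cost(stored, 1_000_000))
```

A plain SHA-256 hash costs the attacker one compression per guess; the same guess against this record costs DEFAULT_ITERATIONS of them, which is the whole point of a key-derivation function over a bare hash or HMAC.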

79
Q

A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered
an information loss breach. Which of the following is MOST likely the cause?

Insufficient key bit length
Weak cipher suite
Unauthenticated encryption method
Poor implementation

A

Poor implementation

80
Q

An attack that is using interference as its main attack to impede network traffic is which of the following?

Introducing too much data to a target's memory allocation
Utilizing a previously unknown security flaw against the target
Using a similar wireless configuration of a nearby network
Inundating a target system with SYN requests

A

Using a similar wireless configuration of a nearby network

81
Q

Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers
on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the
following security-related training could have made Ann aware of the repercussions of her actions?

Data Labeling and disposal
Use of social networking
Use of P2P networking
Role-based training

A

Use of social networking

82
Q

A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation, the
supervisor terminates an employee as a result of the suspected data loss. During the investigation, the
supervisor is absent for the interview, and little evidence can be provided from the role-based authentication system in use by the company. The situation can be identified for future mitigation as which of the following?

Job rotation
Log failure
Lack of training
Insider threat

A

Log failure

83
Q

Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled?

Full backup
Incremental backup
Differential backup
Snapshot

A

Differential backup

84
Q

An actor downloads and runs a program against a corporate login page. The program imports a list of
usernames and passwords, looking for a successful attempt.
Which of the following terms BEST describes the actor in this situation?

Script kiddie
Hacktivist
Cryptologist
Security auditor

A

Script kiddie

85
Q

A security analyst is reviewing the following packet capture of an attack directed at a company’s server located in the DMZ:

Which of the following ACLs provides the BEST protection against the above attack and any further attacks from the same IP, while minimizing service interruption?

Deny TCP from ANY to 172.31.64.4
Deny UDP from 192.168.1.0/24 to 172.31.67.0/24
Deny IP from 192.168.1.10/32 to 0.0.0.0/0
Deny TCP from 192.168.1.10 to 172.31.67.4

A

Deny TCP from 192.168.1.10 to 172.31.67.4

86
Q

Which of the following could help detect trespassers in a secure facility? (Select TWO)

Faraday cages
Motion-detection sensors
Tall, chain-link fencing
Security guards
Smart cards
A

Motion-detection sensors

and

Security guards

87
Q

An organization wants to utilize a common, Internet-based third-party provider for authorization and
authentication. The provider uses a technology based on OAuth 2.0 to provide required services. To which of
the following technologies is the provider referring?

Open ID Connect
SAML
XACML
LDAP

A

Open ID Connect

88
Q

A penetration tester harvests potential usernames from a social networking site. The penetration tester then
uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a
network server.
Which of the following methods is the penetration tester MOST likely using?

Escalation of privilege
SQL injection
Active reconnaissance
Proxy server

A

Active reconnaissance

89
Q

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will most likely fix the uploading issue for the users?

Create an ACL to allow the FTP service write access to user directories
Set the Boolean selinux value to allow FTP home directory uploads
Reconfigure the ftp daemon to operate without utilizing the PASV mode
Configure the FTP daemon to utilize PAM authentication pass through user permissions

A

Set the Boolean selinux value to allow FTP home directory uploads

90
Q

Which of the following allows an application to securely authenticate a user by receiving credentials from a
web domain?

TACACS+
RADIUS
Kerberos
SAML

A

SAML

91
Q

A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. Which of the following can be used to access the server using RDP on a port other than the typical registered port for the RDP protocol?

TLS
MPLS
SCP
SSH

A

SSH

92
Q

During a third-party audit, it is determined that a member of the firewall team can request, approve, and
implement a new rule-set on the firewall. Which of the following will the audit team most likely recommend
during the audit out brief?

Discretionary access control for the firewall team
Separation of duties policy for the firewall team
Least privilege for the firewall team
Mandatory access control for the firewall team

A

Separation of duties policy for the firewall team

93
Q

Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

Fuzzing
Static review
Code signing
Regression testing

A

Fuzzing

94
Q

An external contractor, who has not been given information about the software or network architecture, is conducting a penetration test. Which of the following BEST describes the test being performed?

Black box
White box
Passive reconnaissance
Vulnerability scan

A

Black box

95
Q

A company recently replaced its unsecure email server with a cloud-based email and collaboration solution
that is managed and insured by a third party. Which of the following actions did the company take regarding
risks related to its email and collaboration services?

Transference
Acceptance
Mitigation
Deterrence

A

Transference

96
Q

A company is evaluating cloud providers to reduce the cost of its internal IT operations. The company’s aging
systems are unable to keep up with customer demand. Which of the following cloud models will the company
MOST likely select?

PaaS
SaaS
IaaS
BaaS

A

IaaS

97
Q

A security administrator suspects that data on a server has been exfiltrated as a result of unauthorized remote access. Which of the following would assist the administrator in confirming the suspicions? (Select TWO)

Network access control
DLP alerts
Log analysis
File integrity monitoring
Host firewall rules
A

DLP alerts

and

Log analysis

98
Q

A datacenter manager has been asked to prioritize critical system recovery priorities.
Which of the following is the MOST critical for immediate recovery?

Communications software
Operating system software
Weekly summary reports to management
Financial and production software

A

Operating system software

99
Q

Users in a corporation currently authenticate with a username and password. A security administrator wishes to implement two-factor authentication to improve security.
Which of the following authentication methods should be deployed to achieve this goal?

PIN
Security questions
Smart card
Passphrase
CAPTCHA
A

Smart card

100
Q

Which of the following is the BEST choice for a security control that represents a preventive and corrective
logical control at the same time?

Security awareness training
Antivirus
Firewalls
Intrusion detection system

A

Antivirus