Topic 4 Flashcards
The help desk is receiving numerous password change alerts from users in the accounting department. These
alerts occur multiple times on the same day for each of the affected users’ accounts. Which of the following
controls should be implemented to curtail this activity?
Password Reuse
Password complexity
Password History
Password Minimum age
Password minimum age
Six months into development, the core team assigned to implement a new internal piece of software must
convene to discuss a new requirement with the stake holders. A stakeholder identified a missing feature critical to the organization, which must be implemented. The team needs to validate the feasibility of the newly introduced requirement and ensure it does not introduce new vulnerabilities to the software and other applications that will integrate with it. Which of the following BEST describes what the company?
The system integration phase of the SDLC
The system analysis phase of SSDSLC
The system design phase of the SDLC
The system development phase of the SDLC
The system analysis phase of SSDSLC
A security analyst has set up a network tap to monitor network traffic for vulnerabilities. Which of the
following techniques would BEST describe the approach the analyst has taken?
Compliance scanning
Credentialed scanning
Passive vulnerability scanning
Port scanning
Port scanning
While performing a penetration test, the technicians want their efforts to go unnoticed for as long as possible while they gather useful data about the network they are assessing. Which of the following would be the BEST choice for the technicians?
Vulnerability scanner
Offline password cracker
Packet sniffer
Banner grabbing
Packet sniffer
An organization recently moved its custom web applications to the cloud, and it is obtaining managed services of the back-end environment as part of its subscription. Which of the following types of services is this company now using?
SaaS
CASB
IaaS
PaaS
CASB (cloud access security broker)
The POODLE attack is an MITM exploit that affects:
TLS1.0 with CBC mode cipher
SSLv2.0 with CBC mode cipher
SSLv3.0 with CBC mode cipher
SSLv3.0 with ECB mode cipher
SSLv3.0 with CBC mode cipher
Which of the following techniques can be bypass a user or computer’s web browser privacy settings? (Select Two)
SQL injection Session hijacking Cross-site scripting Locally shared objects LDAP injection
Session hijacking
Cross-site scripting
A network technician is trying to determine the source of an ongoing network based attack. Which of the
following should the technician use to view IPv4 packet data on a particular internal network segment?
Proxy
Protocol analyzer
Switch
Firewall
Protocol analyzer
To determine the ALE of a particular risk, which of the following must be calculated? (Select two.)
ARO ROI RPO SLE RTO
ARO (Annual Rate of Occurrence)
SLE (Single-loss expectancy)
A security administrator needs an external vendor to correct an urgent issue with an organization’s physical
access control system (PACS). The PACS does not currently have internet access because it is running a
legacy operation system.
Which of the following methods should the security administrator select the best balances security and
efficiency?
Temporarily permit outbound internet access for the pacs so desktop sharing can be set up
Have the external vendor come onsite and provide access to the PACS directly
Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
Set up a web conference on the administrator’s pc; then remotely connect to the pacs
Set up VPN concentrator for the vendor and restrict access to the PACS using desktop sharing
An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide user with the ability to determine what permissions should be applied to files, document, and directories. The access control method that BEST satisfies these objectives is:
Rule-based access control
Role-based access control
Mandatory access control
Discretionary access control
Discretionary access control
The IT department needs to prevent users from installing untested applications.
Which of the following would provide the BEST solution?
Job rotation
Least privilege
Account lockout
Antivirus
Least privilege
A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their LDAP credentials. All command executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility. Which of the following configuration commands should be implemented to enforce this requirement?
LDAP server 10.55.199.3
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
SYSLOG SERVER 172.16.23.50
TACAS server 192.168.1.100
CN=company, CN=com, OU=netadmin, DC=192.32.10.233
A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL.
Which of the following is the attacker most likely utilizing?
Header manipulation
Cookie hijacking
Cross-site scripting
Xml injection
Header manipulation
Which of the following would enhance the security of accessing data stored in the cloud? (Select TWO)
Block level encryption SAML authentication Transport encryption Multifactor authentication Predefined challenge Hashing
SAML Authentication
Multifactor authentication
Which of the following delineates why it is important to perform egress filtering and monitoring on Internet
connected security zones of interfaces on a firewall?
Egress traffic is more important than ingress traffic for malware prevention
To rebalance the amount of outbound traffic and inbound traffic
Outbound traffic could be communicating to known botnet sources
To prevent DDoS attacks originating from external network
To rebalance the amount of outbound traffic and inbound traffic
Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?
Remote exploit
Amplification
Sniffing
Man-in-the-middle
Remote exploit
An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography. Discovery of which of the following would help catch the tester in the act?
Abnormally high numbers of outgoing instant messages that contain obfuscated text
Large-capacity USB drives on the tester’s desk with encrypted zip files
Outgoing emails containing unusually large image files
Unusual SFTP connections to a consumer IP address
Outgoing emails containing unusually large image files
Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate- based
authentication with its users. The company uses SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following model prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication?
Use of OATH between the user and the service and attestation from the company domain
Use of active directory federation between the company and the cloud-based service
Use of smartcards that store x.509 keys, signed by a global CA
Use of a third-party, SAML-based authentication service for attestation
Use of active directory federation between the company and the cloud-based service.
Which of the following can be used to control specific commands that can be executed on a network
infrastructure device?
LDAP
Kerberos
SAML
TACACS+
TACAS+
A wireless network has the following design requirements:
Authentication must not be dependent on enterprise directory service
It must allow background reconnection for mobile users
It must not depend on user certificates
Which of the following should be used in the design to meet the requirements? (Choose two.)
PEAP PSK Open systems authentication EAP-TLS Captive portals
PSK
Captive portals
A security analyst is updating a BIA document. The security analyst notices the support vendor’s time to
replace a server hard drive went from eight hours to two hours. Given these new metrics, which of the
following can be concluded? (Select TWO)
The MTTR is faster. The MTTR is slower. The RTO has increased. The RTO has decreased. The MTTF has increased. The MTTF has decreased.
The MTTR is faster
The RTO has decreased
A new hire wants to use a personally owned phone to access company resources. The new hire expresses
concern about what happens to the data on the phone when they leave the company. Which of the following
portions of the company’s mobile device management configuration would allow the company data to be
removed from the device without touching the new hire’s data?
Asset control
Device access control
Storage lock out
Storage segmentation
Device access control
A consultant has been tasked to assess a client’s network. The client reports frequent network outages. Upon viewing the spanning tree configuration, the consultant notices that an old and law performing edge switch on the network has been elected to be the root bridge. Which of the following explains this scenario?
The switch also serves as the DHCP server
The switch has the lowest MAC address
The switch has spanning tree loop protection enabled
The switch has the fastest uplink port
The switch has spanning tree loop protection enabled
A third-party penetration testing company was able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another server that was not in the original network.
Which of the following is the MOST likely method used to gain access to the other host?
Backdoor
Pivoting
Persistance
Logic bomb
Pivoting
A security auditor is putting together a report for the Chief Executive Officer (CEO) on personnel security and its impact on the security posture of the whole organization. Which of the following would be the MOST important factor to consider when it comes to personnel security?
Insider threats Privilege escalation Hacktivist Phishing through social media Corporate espionage
Insider threats
Which of the following is the BEST reason for salting a password hash before it is stored in a database?
To prevent duplicate values from being stored
To make the password retrieval process very slow
To protect passwords from being saved in readable format
To prevent users from using simple passwords for their access credentials
To prevent duplicate values from being stored
An audit has revealed that database administrators are also responsible for auditing database changes and
backup logs. Which of the following access control methodologies would BEST mitigate this concern?
Time of day restrictions
Principle of least privilege
Role-based access control
Separation of duties
Separation of duties
A security administrator determined that users within the company are installing unapproved software.
Company policy dictates that only certain applications may be installed or ran on the user’s computers without
exception. Which of the following should the administrator do to prevent all unapproved software from running on the user’s computer?
Deploy antivirus software and configure it to detect and remove pirated software
Configure the firewall to prevent the downloading of executable files
Create an application whitelist and use OS controls to enforce it
Prevent users from running as administrator so they cannot install software.
Create an application whitelist and use OS controls to enforce it.
Due to regulatory requirements, a security analyst must implement full drive encryption on a Windows file
server. Which of the following should the analyst implement on the system to BEST meet this requirement?
Enable and configure EFS on the file system.
Ensure the hardware supports TPM, and enable it in the BIOS.
Ensure the hardware supports VT-X, and enable it in the BIOS.
Enable and configure BitLocker on the drives.
Enable and configure DFS across the file system.
Ensure the hardware supports TPM, and enable it in the BIOS
Enable and configured bitlocker on the drives.
A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system
administrator has been given the following log files from the VPN, corporate firewall and workstation host.
Which of the following is preventing the remote user from being able to access the workstation?
Network latency is causing remote desktop service request to time out
User1 has been locked out due to too many failed passwords
Lack of network time synchronization is causing authentication mismatches
The workstation has been compromised and is accessing known malware sites
The workstation host firewall is not allowing remote desktop connections
User1 has been locked out due to too many failed passwords
When generating a request for a new x.509 certificate for securing a website, which of the following is the
MOST appropriate hashing algorithm?
RC4
MD5
HMAC
SHA
MD5
Ann, a user, states that her machine has been behaving erratically over the past week. She has experienced
slowness and input lag and found text files that appear to contain pieces of her emails or online conversations
with coworkers. The technician runs a standard virus scan but detects nothing. Which of the following types of malware has infected the machine?
Ransomware
Rootkit
Backdoor
Keylogger
Keylogger
When designing a web based client server application with single application server and database cluster
backend, input validation should be performed:
On the client
Using database stored procedures
On the application server
Using HTTPS
On the application server
A security administrator needs to address the following audit recommendations for a public-facing SFTP
server:
Users should be restricted to upload and download files to their own home directories only.
Users should not be allowed to use interactive shell login.
Which of the following configuration parameters should be implemented? (Select TWO).
PermitTunnel ChrootDirectory PermitTTY AllowTcpForwarding IgnoreRhosts
ChrootDirectory
PermitTTY
Which of the following strategies should a systems architect use to minimize availability risks due to
insufficient storage capacity?
High availability
Scalability
Distributive allocation
Load balancing
Scalability
Which of the following is the appropriate network structure used to protect servers and services that must be provided to external clients without completely eliminating access for internal users?
NAC
VLAN
DMZ
Subnet
DMZ
Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (Select TWO)
Public key Shared key Elliptic curve MD5 Private key DES
Public key
Private key
Many employees are receiving email messages similar to the one shown below:
From IT department To employee Subject email quota exceeded Pease click on the following link
http:www.website.info/email.php?quota=1Gb and provide your username and password to increase your email
quotA. Upon reviewing other similar emails, the security administrator realized that all the phishing URLs
have the following common elements; they all use HTTP, they all come from .info domains, and they all
contain the same URI. Which of the following should the security administrator configure on the corporate
content filter to prevent users from accessing the phishing URL, while at the same time minimizing false
positives?
A. BLOCK http://www.*.info/ B. DROP http:// "website.info/email.php?* C. Redirect http://www,*.Info/email.php?quota=*TOhttp://company.com/corporate_polict.html D. DENY http://*.info/email.php?quota=1Gb
D. DENY
http://*.info/email.php?quota=1Gb
A member of the admins group reports being unable to modify the “changes” file on a server.
The permissions on the file are as follows:
Permissions User Group File
-rwxrw-r–+ Admins Admins changes
Based on the output above, which of the following BEST explains why the user is unable to modify the
“changes” file?
The SELinux mode on the server is set to “enforcing.”
The SELinux mode on the server is set to “permissive.”
An FACL has been added to the permissions for the file.
The admins group does not have adequate permissions to access the file.
An FACL has been added to the permissions for the file.