Practice Test #3 Flashcards

1
Q

Your chief financial officer (CFO) has forwarded to you an e-mail that she thinks is suspicious. The message looks like an official e-mail from your company’s accountant, but it is asking for specific bank account numbers for the company. What kind of social engineering attack is this an example of?

A) whaling
B) kiting
C) vishing
D) spear-phishing

A

Whaling

Whaling is correct. In a whaling attack, the target victim is usually a high-profile member of the organization, such as an executive, who has much more critical information to expose than the average user.

2
Q

You are setting up security for several new smartphones for your company’s executive team. Which of the following security controls can you implement for Bluetooth communications to prevent bluesnarfing attacks against the devices?

A) bluejacking
B) link-level security
C) call-back security
D) smartphone lock password

A

Link-level security

Link-level security is correct. Link-level security authenticates the actual communications link before data transmission begins. Data encryption can also be performed in this mode after the link is authenticated.

3
Q

Which of the following security measures would best protect wireless clients from network attacks while they are connecting remotely?

A) use wireless client authentication
B) set the clients to use only the 802.11n standard
C) enable encryption when working in the office
D) install a host-based firewall

A

Install a host-based firewall

Install a host-based firewall is correct. The host-based firewall software can be used to protect a user’s confidential local data against many types of possible attacks for both incoming and outgoing connections on both wireless and wired networks when the user is away from the office.

4
Q

During testing of an internal application, you find that every time the application encounters issues, it exits to a debugging screen with elevated access permissions and internal directory structure information. Which of the following secure coding concepts should be implemented to improve application security?

A) fuzzing
B) cross-site scripting
C) error and exception handling
D) input validation

A

Error and exception handling

Error and exception handling is correct. Your application needs to handle errors and exceptions without providing escalated privileges or revealing the internal details of the system or application. An error should not cause the program to halt or crash to an insecure state.

5
Q

You are setting up a new wireless network in your small office. Which of the following security measures should you implement to help protect the confidentiality of the network?

A) WPA3 encryption
B) avoid channel overlaps
C) careful antenna placement
D) authentication to the LDAP server

A

WPA3 encryption

WPA3 encryption is correct. By using Wi-Fi Protected Access version 3 (WPA3), the strongest encryption currently available for wireless networks, you ensure that if wireless traffic is ever intercepted, its contents cannot be revealed because it is encrypted.

6
Q

You are defining a password policy for your organization’s users. Which of the following password policies is most important to help prevent brute-force attacks on your users’ passwords?

A) minimum password length and complexity
B) usernames not related to company roles
C) minimizing use of special characters
D) account expiration

A

Minimum password length and complexity

Minimum password length and complexity is correct. By enforcing a minimum length and complexity level of passwords, you ensure that users can’t use weak passwords that are too short or consist of dictionary words.

7
Q

A user has been disciplined for downloading inappropriate content to her work computer system. Under which policy would such rules and consequences be covered?

A) mandatory vacation policy
B) service-level agreement
C) due care
D) acceptable use policy

A

Acceptable Use Policy

Acceptable use policy is correct. An acceptable use policy (AUP) is a set of established guidelines for the appropriate use of computer networks within an organization. The policy is a written agreement, read and signed by an employee, that outlines the organization’s terms, conditions, and rules for Internet and internal network use.

8
Q

Which file-manipulation command is used to print lines that match patterns?

A) tail
B) grep
C) head
D) cat

A

Grep

Grep is correct. The grep command is used to print lines that match patterns.

9
Q

A quality assurance tester has found that he can easily crash your company’s web application by entering an e-mail address that’s over 50 characters long in the contact address field. Which of the following application security flaws is causing the issue?

A) SQL injection
B) privilege escalation
C) buffer overflow
D) cross-site scripting

A

Buffer overflow

Buffer overflow is correct. The contact address field does not have proper input validation controls, causing the lengthy e-mail address to overflow the memory buffer allocated for that field.

10
Q

After a recent hacking attack on your organization’s primary web server, you have resolved several vulnerabilities and are confident that no more existing vulnerabilities can be exploited. Which of the following actions should you take?

A) run a port scan
B) put the web server back into production
C) perform penetration testing
D) run an antivirus scan

A

Perform penetration testing

Perform penetration testing is correct. Penetration testing evaluates the security of a system by actively simulating an attack and is best suited for testing solutions used to resolve past vulnerabilities.

11
Q

After an incident, your organization has been directed to comply with data loss prevention regulations concerning your customers’ data transactions. You must ensure that any outbound e-mail messages containing customer Social Security numbers cannot be viewed while in transit. Which of the following security controls can provide this functionality?

A) anti-malware scanning of all outbound e-mail messages with an SSN
B) an anti-spam filter that blocks outbound e-mail containing an SSN
C) a web proxy server that quarantines outbound e-mail containing an SSN
D) a content filter that encrypts outbound e-mail containing an SSN

A

A content filter that encrypts outbound e-mail containing an SSN

A content filter that encrypts outbound e-mail containing an SSN is correct. To protect your clients’ SSNs in transit, you should use a content filter to analyze outbound e-mail and encrypt any messages that contain an SSN.

12
Q

You need to utilize certificates for a new web application so that users can trust that the application is connecting to an authenticated server that belongs to your organization. In cryptography, which of the following information assurance objectives is met by using digital certificates?

A) confidentiality
B) integrity
C) nonrepudiation
D) authentication

A

Authentication

Authentication is correct. Encrypted digital certificates are used to identify users electronically on a network and satisfy the information assurance objective of authentication.

13
Q

Which of the following is an example of a weak configuration?

A) setting a maximum password
B) setting an account expiry date
C) using your primary administrator account as a default
D) not disabling the account to disallow use

A

Not disabling the account to disallow use

Not disabling the account to disallow use is correct. To best protect an account, you should disable it so it cannot be used.

14
Q

You are designing and coding a new web application to replace a legacy web application that was recently removed because of excessive security vulnerabilities. Which of the following coding techniques is most helpful to prevent vulnerabilities in your application during the development stage?

A) keeping attack surfaces to a minimum
B) application documentation
C) code review
D) design review

A

Keeping attack surfaces to a minimum

Keeping attack surfaces to a minimum is correct. An attack surface is an aspect of your software application that is vulnerable for an attacker to exploit, such as an open port or running network service. Determine the minimum number of acceptable attack surfaces required and keep to that framework throughout the entire development cycle of the product.

15
Q

A sales engineer for your company is traveling with his laptop computer, which contains highly confidential technical information regarding the internal details of a software application. Which of the following techniques can be implemented to provide the strongest protection of the data on the laptop?

A) use of a virtual machine
B) BIOS password
C) cloud-based data retrieval
D) use of an onboard TPM

A

Use of an onboard TPM

Use of an onboard TPM is correct. You can encrypt the contents of the laptop’s hard drive and have the trusted platform module (TPM) on the laptop’s motherboard store the encryption key. Only the sales engineer’s password can allow access to the data.

16
Q

Which of the following is not a constraint to be considered within an embedded or specialized system?

A) compute
B) power
C) heat
D) cryptography

A

Heat

Heat is correct. Heat is not generally a factor within an embedded and specialized system.

17
Q

You are a cybersecurity leader for a program that doesn’t currently utilize threat intelligence. You would like to begin using a program that helps you better describe how adversaries use capabilities within an infrastructure to attack a victim. Which of the following best suits this desire?

A) cyber kill chain
B) MITRE ATT&CK
C) NIST cybersecurity framework
D) the diamond model of intrusion analysis

A

The diamond model of intrusion analysis

The Diamond Model of Intrusion Analysis is correct. The Diamond Model categorizes the relationships and characteristics of an attack’s four main components: the model describes that an adversary deploys a capability over some infrastructure against a victim. These are known as events and form the diamond. Analysts then populate each part of the diamond with the information they gather during the analysis process.

18
Q

You have just discovered that several user accounts are still active for employees who have long since left the organization or were let go from the company. After changing the passwords and disabling the accounts, which of the following would be best to implement to prevent this security issue from recurring?

A) change HR policy to notify you of any employee status changes
B) regular audit of personnel credentials
C) set account expiration dates
D) use password rotation

A

Regular audit of personnel credentials

Regular audit of personnel credentials is correct. By regularly checking user accounts and permissions, you ensure that current users only have the rights and permissions required for their current positions. If you find accounts from users who have left the organization, you can disable those accounts.

19
Q

You are performing penetration testing on a network device designed and developed by your company. You want to simulate a testing environment where the user trying to hack into the device has no previous knowledge of its design. Which of the following testing techniques should you use?

A) unknown environment testing
B) vulnerability testing
C) known environment testing
D) partially known environment testing

A

Unknown environment testing

Unknown environment testing is correct. Unknown environment testing is an excellent way to test your system’s security by simulating an actual attack, because the tester is seeing this system for the first time.

20
Q

Where are the serial numbers of revoked certificates posted?

A) CRL
B) CAL
C) PKI
D) trusted root web site

A

CRL

CRL is correct. Revoked certificate serial numbers are stored in certificate revocation lists (CRLs). Certificates may be revoked because of fraudulent use, certificate theft, or compromise. Applications can refer to a CRL to ensure that certificates in use are valid.

21
Q

Which of the following actions should you perform first if responding to an attack on your network firewall?

A) make a copy of the firewall logs and error messages
B) reinstall the operating system
C) escalate the issue to your manager
D) reboot the device to restore normal operation

A

Make a copy of the firewall logs and error messages

Make a copy of the firewall logs and error messages is correct. To preserve forensic evidence of the attack, you should make a copy of the firewall’s log files before performing any other action that could destroy the evidence.

22
Q

To keep up with increasing numbers of visitors and transactions on your company’s website, you have replaced your single web server with four web servers. Which of the following devices should you install to share bandwidth and processing for incoming requests to the new web servers?

A) NAT-aware firewall
B) load balancer
C) network analyzer
D) additional routers and switches

A

Load balancer

Load balancer is correct. A load balancer can process all incoming web requests and redirect the requests to one of the four web servers either based on how much current processing load each web server is utilizing or by using round-robin methods.

23
Q

An officially signed digital certificate for a new web server application can be obtained from which of these options?

A) certificate policy management system
B) certificate authority
C) authorization server
D) authentication authority

A

Certificate authority

Certificate authority is correct. A certificate authority (CA) is an organization or entity that issues and manages digital certificates. The CA is responsible for authenticating and identifying users before issuing a certificate.

24
Q

You have performed a risk assessment for your organization’s backup database server, the results of which indicate that the cost of security countermeasures for the backup server is budgeted at $20,000. The total impact of a failure and loss of data for the backup server is $4500. Which of the following solutions should you implement?

A) purchase insurance against the loss of the backup database server
B) transfer the cost of the risk to the company’s operations department
C) use the security budget toward protection of your primary database server instead
D) use the security budget toward backup hardware and media to mitigate potential loss with the backup server

A

Use the security budget toward protection of your primary database server instead

Use the security budget toward protection of your primary database server instead is correct. The amount of loss in the event of an issue with your backup database server is much less than the actual cost of the security countermeasures used to mitigate the risk. In this case, you could use the security budget for increased protection for your primary server instead.

25
Q

As part of your business continuity planning, you need to consider how to achieve maximum availability of your network services if a situation arises where cloud availability is degraded or lost and the organization needs to work locally. In this scenario, which of the following can be implemented to better ensure the high availability of network servers and the services they provide?

A) hardware redundancy
B) cloud computing
C) virtualization
D) load balancing

A

Hardware redundancy

Hardware redundancy is correct. Hardware redundancy means that you always have spare servers or spare parts available in the event that hardware fails. For example, a server may have redundant power supplies so that if one supply fails, the system continues to run. Within the scenario, if the requirement is to be able to maximize effectiveness within a cloud-degraded or cloud-disrupted environment, being sure you have redundancy for your local equipment is key.

26
Q

Which of the following are publicly accessible ledgers that record online transactions, based on peer-to-peer technology?

A) blockchain
B) steganography
C) symmetric cryptography
D) perfect forward secrecy

A

Blockchain

Blockchain is correct. Blockchains are publicly accessible ledgers that record online transactions, based on peer-to-peer technology. A party initiates a block, which is then verified by all the distributed systems and added to the chain (or rejected if not verified). Each block is bound to the other, and the distributed nature of blockchain means that the ledger is accessible to anyone, making it difficult to cheat the system. Generally, the larger the blockchain, the safer.

27
Q

You are having an issue with a network device that is causing denial of service on your internal router because of a flood of network packets to a router port. Which of the following methods can you use to identify the source, destination, and data of the network packets to resolve this issue?

A) make sure the router firmware is up to date
B) use a protocol analyzer to monitor traffic to the router port
C) scan the router for malware
D) perform a ping sweep on network clients

A

Use a protocol analyzer to monitor traffic to the router port

Use a protocol analyzer to monitor traffic to the router port is correct. A protocol analyzer monitoring the affected router port can determine the source, destination, and data payload of the network packets. From there, you can find the affected device and determine if there is a malware issue or other malfunction.

28
Q

For centralized authentication services, you want to use an encrypted authentication service to securely authenticate remote access users who connect to your office via a VPN. Which of the following authentication services should you use?

A) PAP
B) LDAP
C) local username and password
D) LDAPS

A

LDAPS

LDAPS is correct. You can configure a Lightweight Directory Access Protocol (LDAP) server to use Transport Layer Security (TLS) or Secure Sockets Layer (SSL), also known as LDAPS, to encrypt authentication communications. This ensures that client credentials, such as usernames and passwords, are not sent in cleartext over the network.

29
Q

You’re investigating a potential data breach. Which of the following should prompt an alert as suspicious behavior?

A) one hundred fifty successful user logins between 8:30am and 5:00pm
B) five failed login attempts for the admin user at 3:30am
C) one failed login attempt by an end user
D) three successful login attempts for the admin user between 8:30am and 6:00pm

A

Five failed login attempts for the admin user at 3:30am

Five failed login attempts for the admin user at 3:30am is correct. It is suspicious behavior if someone is unsuccessfully trying to log in to the admin account during off-work hours.

30
Q

You are setting up performance logging to monitor CPU, memory, and disk usage for an important database server. Which of the following actions should you perform to accurately measure performance spikes?

A) scan the system for malware
B) disable nightly backups
C) create a system baseline
D) make sure all system software patches are up to date

A

Create a system baseline

Create a system baseline is correct. To properly measure system performance, you need to create a system baseline that shows the normal operating performance levels. Then you will be able to measure future performance data against the baseline to reveal performance anomalies.

31
Q

You are a cybersecurity analyst that is implementing a new SOAR tool within your organization. You want to develop a set of rules to automate features such as threat response, threat intelligence enrichment, and other activities that the SOAR platform can orchestrate. Which is the appropriate name for this set of rules?

A) policy
B) SIEM
C) runbook
D) playbook

A

Runbook

Runbook is correct. A runbook is a set of rules that can be largely automated and, while it can indeed include human elements, often is used to automate features such as threat response, threat intelligence enrichment, and other activities that the security orchestration, automation, and response (SOAR) platform can orchestrate. These rules are generally condition-based, so instead of following a step-by-step pattern, they are triggered by preset conditions.

32
Q

You have implemented several organizational security policies that govern the day-to-day use of computer resources in the company, including content filters on web browsing and restrictions on instant messaging and social media. Which of the following mitigation techniques should you use to ensure that your policies are being adhered to?

A) use password rotation
B) change HR policy to notify you of any employee status changes
C) conduct routine user account and permission audits
D) set account expiration dates

A

Conduct routine user account and permission audits

Conduct routine user account and permission audits is correct. By regularly auditing user accounts and permissions, you ensure that current users only have the rights and permissions required for their current positions. If you find accounts from users who have left the organization, you can disable those accounts.

33
Q

You have run a vulnerability scan on a web and FTP server and it has identified the following TCP ports as open and listening for requests: 80, 443, 23, and 21. Which port is unnecessary and should be disabled?

A) 443
B) 21
C) 23
D) 80

A

23

23 is correct. Telnet utilizes TCP port 23 and is not required for remote access to this web and FTP server.

34
Q

You are creating a disaster recovery plan for your organization and assigning probabilities to specific risks. Which of the following would be the highest probability risk for your server room?

A) fire
B) war driving
C) low temperatures
D) unauthorized access

A

Unauthorized access

Unauthorized access is correct. Unauthorized access to your secure server room is the highest probability risk. Therefore, adequate access control security is required for the server room entrance.

35
Q

You have had many issues with employees forwarding hoax e-mail messages to each other and taking up valuable mail server resources. As part of your user awareness training, what is the best action to tell your end users to take when they receive what appears to be a hoax e-mail message?

A) delete the message and do not forward it
B) forward the message to a home email address
C) forward the message to your coworkers to warn them
D) reply to the message

A

Delete the message and do not forward it

Delete the message and do not forward it is correct. A hoax e-mail does nothing but waste time, network bandwidth, and system resources, especially when it is forwarded like a chain letter throughout the organization. It is best to educate your users to delete the hoax e-mail immediately and not forward it.

36
Q

A member of your company’s executive team has lost his company smartphone while traveling. Given this incident, which of the following actions can you perform to prevent an unauthorized user from gaining access to its data?

A) call the smartphone number
B) use MDM to conduct a remote wipe
C) rely on the screen lock password
D) disable the smartphone sim

A

Use MDM to conduct a remote wipe

Use MDM to conduct a remote wipe is correct. If the phone has the capability, you can use Mobile Device Management (MDM) to remotely wipe the phone to erase all its contents. The smartphone itself might never be recovered, but you have removed any critical and confidential data from the phone.

37
Q

You have recently completed development of a new software application and have sent the first alpha version to quality assurance for testing. As part of the testing, you need to determine whether there are any known security issues due to the underlying operating system, network services, or development code. Which of the following testing methods can you use?

A) vulnerability scanning
B) penetration testing
C) fuzzing
D) malware scanning

A

Vulnerability scanning

Vulnerability scanning is correct. A vulnerability scanner is a software program specifically designed to scan a system via the network to determine what services the system is running and whether there are any unnecessary open network ports, unpatched operating systems, or unpatched applications.

38
Q

You are designing authentication services for a highly secure facility. Which of the following authentication models would provide the most security for physical access?

A) photo ID and security guard check
B) multi-factor authentication
C) PIN
D) single sign-on to a directory server

A

Multi-factor authentication

Multifactor authentication is correct. Multifactor authentication is very secure and means that users must provide at least two unique identification factors, such as an access card, a PIN, and a fingerprint scan.

39
Q

A control audit has revealed that your organization has made significant progress in implementing technical controls but is lacking in controls that help address how the organization conducts its daily business and are designed to minimize the security risk to those business activities. Which of the following control categories should you focus on?

A) technical
B) physical
C) operational
D) managerial

A

Operational

Operational is correct. Controls in the operational risk category address how the organization conducts its daily business and are designed to minimize the security risk to those business activities. This category could include, for example, company-wide policies that are created, distributed, and used to educate employees on how to conduct their day-to-day activities while being vigilant about organizational security, and improvement initiatives to make organizational processes more efficient and effective.

40
Q

Gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC controls all may be examples of what?

A) FPGA
B) system-on-a-chip
C) ERP systems
D) embedded systems

A

Embedded systems

Embedded systems is correct. Embedded systems include gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC (heating, ventilating, and air conditioning) controls that are network enabled, and sometimes Internet connected, for remote access.

41
Q

Your organization has several users who work remotely from home, and you are worried about security threats originating from their home ISP connections when they use a VPN to connect to your organization’s network. Which of the following should you install on their computers to help mitigate these threats?

A) anti-malware software
B) host-based firewall
C) anti-spam software
D) pop-up blocker

A

Host-based firewall

Host-based firewall is correct. A host-based firewall can protect the remote users’ computers from network attacks originating from their Internet connection via their Internet service provider (ISP).

42
Q

You are trying to diagnose an issue where DNS queries are not properly resolving hostnames to IP addresses. You check your firewall rules and want to make sure that the DNS protocol is not blocked outbound. Which of the following ports should you examine?

A) TCP ports 137, 138, and 139
B) UDP port 53
C) UDP port 161
D) TCP ports 20 and 21

A

UDP port 53

UDP port 53 is correct. Domain Name System (DNS) queries use UDP port 53. DNS also uses TCP port 53 for zone transfers. If this port is blocked on your firewall, you will not be able to query a DNS server for a hostname lookup.

43
Q

You have recently installed a network-based intrusion detection system (NIDS). Which of the following network-monitoring methodologies should you use to protect your network devices from zero-day threats?

A) behavioral-based monitoring
B) active-based monitoring
C) signature-based monitoring
D) rule-based monitoring

A

Behavioral-based monitoring

Behavioral-based monitoring is correct. Behavioral-based monitoring uses a baseline of normal behavior and then detects anomalies to that baseline. This helps prevent zero-day threats by detecting network anomalies that could be a network attack.

44
Q

Which of the following is a protective measure that hides lights, sensors, and other security measures from detection?

A) surveillance
B) industrial camouflage
C) motion detection
D) drone footage

A

Industrial camouflage

Industrial camouflage is correct. Industrial camouflage is a protective measure that hides lights, sensors, and other security measures from detection. This camouflage matches its subject device to its surroundings through paint matching, terrain matching, use of trees and bushes, and so on or by hiding the device inside another device, often to camouflage facilities from aerial surveillance (satellite, drone, etc.).

45
Q

You are the first responder to a security incident in which malware is quickly spreading throughout your network from e-mails being sent internally from user accounts. Which of the following actions should you first take?

A) run antivirus scans on each infected client computer
B) shut down mail delivery on the e-mail server to stop the malware from spreading
C) escalate the issue to your manager
D) restart the mail server

A

Shut down mail delivery on the e-mail server to stop the malware from spreading

Shut down mail delivery on the e-mail server to stop the malware from spreading is correct. You should immediately initiate actions for damage and loss control. In this case, you can disable the sending of e-mails on the server to stop messages from being sent to other clients and infecting their computers.

46
Q

You are developing a web application that contains a web form with many input fields that are filled out by the end user. Which of the following methods can you use to make sure your input validation for the web form is secure?

A) escaping
B) XML injection
C) fuzzing
D) SQL injection

A

Fuzzing

Fuzzing is correct. Fuzzing is a testing technique used to test input validation by entering random, unexpected data into application fields to see how the software program reacts.

47
Q

You are installing a VPN remote access solution for your users so that they can connect to the network from home or while traveling. Which of the following services can you use to provide centralized authentication so that your users do not require separate credentials for the VPN?

A) call-back security
B) local username and password
C) LDAP server
D) security token

A

LDAP server

LDAP server is correct. Users only need to log in once through the VPN to access any resources they are authorized for on the network. A directory service such as Lightweight Directory Access Protocol (LDAP) provides the central database for the users’ credentials, instead of having separate usernames and passwords for each resource.

48
Q

You are setting up your network, which spans several different floors of an office building. You want to subdivide the network using logical methods to prevent cross-network chatter and improve access security, but several departments have employees on different floors and sections of the building. Which of the following techniques should you implement?

A) subnetting
B) protocol-based VLAN
C) firewall zones
D) port-based VLAN

A

Port-based VLAN

Port-based VLAN is correct. Using a port-based virtual local area network (VLAN), you can assign specific router and switch ports to different VLANs, which allows you to assign any network segment on any floor of your office to a specific VLAN. This provides flexibility so that the user’s location does not limit his or her network access.

49
Q

Which of the following techniques allows you to run a public-facing web application but still maintain a private back end with servers that aren’t publicly accessible?

A) private IP addressing
B) virtual private cloud
C) network address translation
D) proxy server

A

Virtual private cloud

Virtual private cloud is correct. By using a virtual private cloud (VPC), you can run a public-facing web application but still maintain a private back end with servers that aren’t publicly accessible.

50
Q

A server was recently stolen from the floor of your manufacturing facility. Which of the following security controls can you use to help prevent theft of important server equipment?

A) login and password required on the management console screen
B) video recordings sent to a remote server
C) fastened with a cable lock to a desk
D) locked in a server cabinet in a secure server room

A

Locked in a server cabinet in a secure server room

Locked in a server cabinet in a secure server room is correct. The server should be stored in a locked cabinet within a secure server room with access controls.

51
Q

You want to limit access to your internal network by ensuring that any connecting computers are running the latest operating system software version and that their antivirus signatures are up to date. Which of the following security measures should you implement on your network devices to control access?

A) forcing the use of HTTPS
B) network address translation
C) network access control
D) VLANs

A

Network access control

Network access control is correct. Network access control (NAC) can be configured on your network devices to deny access to clients that do not have the latest antivirus signatures or that are running an older version of their operating system.

52
Q

You are designing a new server room and are planning your environmental controls. Which of the following controls is most useful for improving air flow in your server room?

A) elevated cable trays
B) power conditioner
C) humidity controls
D) hot and cold aisles

A

Hot and cold aisles

Hot and cold aisles is correct. Hot and cold aisles create a constant flow of air circulation to prevent buildup of heat emanating from the back of the equipment racks and allow cool air to flow into the front of the equipment racks.

53
Q

Which of the following is not an official privacy role?

A) chief information security officer
B) data owner
C) data steward
D) data controller

A

Chief Information Security Officer

Chief information security officer is correct. Although the chief information security officer (CISO) may participate in the privacy process, the CISO needs to be designated within an official privacy role.

54
Q

You are running several web servers for different client websites and you want to consolidate some services to improve resource usage on your underutilized server hardware. You also want to make sure that security issues with one client web service will not affect the web service of other clients. Which of the following technologies should you implement?

A) run each client web service in a virtual machine
B) use shared RAID disk services
C) create a VLAN for each web server
D) cluster the web services

A

Run each client web service in a virtual machine

Run each client web service in a virtual machine is correct. Using virtualization, you can run each client’s website on a separate virtual machine (VM) running on the same hardware platform. This allows you to run several VMs on one system, and each VM is isolated from the others, thus preventing security issues with one client web service from affecting other client web services.

55
Q

You have sent your friend a secret, encrypted message. The key you used to encrypt the message is the same key with which your friend will decrypt the message. This is an example of which type of encryption?

A) diffie-hellman
B) symmetric
C) asymmetric
D) RSA

A

Symmetric

Symmetric is correct. In a symmetric encryption scheme, both parties use the same key for encryption and decryption purposes. Both users must possess the same key to send encrypted messages to each other.

56
Q

Which of the following actions should a user take if she receives what she believes to be a hoax e-mail message?

A) forward it to the entire company to warn them of the message
B) ignore and delete the message
C) only forward it to users outside of the organization
D) only forward the message to users in her department

A

Ignore and delete the message

Ignore and delete the message is correct. Hoax e-mails should be ignored and deleted to prevent them from using up valuable resources on the mail server and networks.

57
Q

To facilitate a more real-time defense, your organization is interested in adopting automated indicator sharing. Which of the following will help with this?

A) vulnerability feeds
B) dark web
C) TAXII
D) threat maps

A

TAXII

TAXII is correct. The Trusted Automated eXchange of Intelligence Information (TAXII) is a major technical specification for automated indicator sharing.

58
Q

Which of the following groups traffic into flows to then send on to a centralized collection point, and is based on NetFlow v9?

A) NXLog
B) IPFIX
C) syslog
D) sFlow

A

IPFIX

IPFIX is correct. The IP Flow Information Export (IPFIX) protocol is defined in IETF RFC 7011 as a common representation of flow data and a standard means of communicating, as required for transmitting traffic flow information over a network for collection. Like NetFlow, IPFIX groups traffic into flows to then send on to a centralized collection point. IPFIX is based on NetFlow v9.

59
Q

Your organization is standing up an advanced penetration-testing capability internally. You have been tasked with finding tools to craft and execute custom exploits against targets. Which of the following is best suited for this objective?

A) metasploit
B) powershell
C) tracert
D) winhex

A

Metasploit

Metasploit is correct. Exploitation frameworks are platforms that can be used to craft and execute exploits against targets. They generally contain suites of tools and serve as a “Swiss Army knife” of exploitation, a one-stop shop for hackers and security professionals alike. Metasploit is one of the leading exploitation frameworks available.

60
Q

As the network administrator, you are setting up a method to remotely access a management server from your home office for after-hours support. Which of the following remote access methods would provide the most security?

A) SSH
B) web application
C) modem dial-up
D) telnet

A

SSH

SSH is correct. Secure Shell (SSH) provides an encrypted remote access channel to a host system.

61
Q

You are reviewing your firewall logs and notice the following activity:

Source: 172.16.1.12 Destination: 192.168.1.128 TCP Port 21
Source: 172.16.1.12 Destination: 192.168.1.128 TCP Port 22
Source: 172.16.1.12 Destination: 192.168.1.128 TCP Port 23
Source: 172.16.1.12 Destination: 192.168.1.128 TCP Port 24
Source: 172.16.1.12 Destination: 192.168.1.128 TCP Port 25

The entries continue until the TCP port numbers reach 65535. Which of the following tools might this indicate?

A) port scanner
B) vulnerability scanner
C) IP scanner
D) ifconfig

A

Port scanner

Port scanner is correct. A specific address is attempting to connect to each TCP port in succession. This indicates the tool is scanning all ports on the system to find open ports that can be exploited.

62
Q

Using which of the following protocols is a best practice when performing secure administration tasks on a router remotely through a web browser?

A) HTTPS
B) telnet
C) HTTP
D) remote shell

A

HTTPS

HTTPS is correct. Hypertext Transfer Protocol over SSL/TLS (HTTPS) provides an encrypted web connection to the router so that you can perform secure administrative tasks.

63
Q

You have recently had several instances of malicious macro code within word processing documents infecting users’ computers. Which of the following can you implement to help prevent future instances of this issue from occurring?

A) application baseline with macros disabled
B) host-based firewall
C) regular full-computer virus scanning
D) anti-spam software scanning of inbound email messages

A

Application baseline with macros disabled

Application baseline with macros disabled is correct. By installing your word processing applications with a baseline that prohibits the use of macros, you ensure that whenever users receive a document with a macro, it will be prevented from running.

64
Q

The following are the steps for a secure web-based transaction. What is the correct order of the steps?

A. A digital certificate establishes the website identity to the browser.
B. TLS is activated between the client and the server.
C. The browser accepts the certificate from the web server.
D. Banking transactions are accepted.

A) A,B,C,D
B) A,C,B,D
C) C,B,A,D
D) D,B,C,A

A

A,C,B,D

A, C, B, D is correct. When a client connects to the secure HTTPS site, the web server sends a certificate to the web browser to establish its identity. If the browser accepts the certificate and finds no validation issues with the certificate, Transport Layer Security (TLS) is then activated between the server and client, securing subsequent banking transactions.

65
Q

Your small company has quickly grown into a midsize company with approximately 200 users. You currently have assigned separate usernames and passwords for three different servers utilized by your users, but you will be adding several more servers to scale with your increased number of users. Which of the following authentication methods would be the most efficient to implement?

A) three-factor authentication
B) two-factor authentication
C) group password policies
D) single sign-on to a directory server

A

Single sign-on to a directory server

Single sign-on to a directory server is correct. Single sign-on (SSO) means that users need to log in only once to access any resources they are authorized for on the network. A directory service such as LDAPS provides the central database for the users’ credentials, instead of having separate usernames and passwords for each resource.

66
Q

Several bandwidth reports have shown that many users are taking up valuable bandwidth by downloading very large files, such as movies, from the Internet. Which of the following security controls can help mitigate the issue?

A) a content filter that blocks downloads greater than a specified size
B) a proxy server that caches web content before it is sent to the client
C) a load-balancing device to distribute bandwidth usage
D) an anti-spam filter that inspects all HTTP requests

A

A content filter that blocks downloads greater than a specified size

A content filter that blocks downloads greater than a specified size is correct. You can use a content-filtering appliance to block all large downloads, such as files greater than 1GB in size, to prevent users from downloading movies and other files that are not business related.

67
Q

You are setting up a remote access connection to a nearby branch office so that you can perform administration on their network without having to physically be at the branch office. Which of the following is the best deterrent for on-path attacks on your remote access connection?

A) authenticate to a local credentials database
B) encrypt the connection
C) log the messages from console access at the branch office
D) authenticate to a centralized LDAP server

A

Encrypt the connection

Encrypt the connection is correct. An on-path attack is performed by a hacker who uses a protocol analyzer to intercept network packets before they reach their destination. Use encryption to make sure that the hacker cannot read the intercepted packets.

68
Q

You are troubleshooting issues between your web server and LDAPS server where authentication requests to the LDAPS server are not working properly. You set up a network protocol analyzer between the web server and LDAPS server and monitor network packets and test several authentication attempts. There is a large amount of data recorded by the protocol analyzer. Which of the following ports should you search for to filter the results to show only LDAP over TLS requests?

A) 636
B) 110
C) 143
D) 161

A

636

636 is correct. TCP port 636 is used by LDAP over TLS (i.e., Lightweight Directory Access Protocol over Transport Layer Security). Filtering the results for this port displays only the information you need to troubleshoot the issue.

69
Q

Your organization has several salespeople who access its networks remotely while at home and while traveling. Which of the following services could you use to provide a central web-based application and database that can store and serve their shared data over the Internet?

A) virtualization
B) cloud computing
C) NAC
D) subnetting

A

Cloud computing

Cloud computing is correct. Using a cloud-based service, the salespeople can perform their work using a web browser that connects to the cloud service, giving them instant access to the application and the data without having to keep the only copy of the data on their laptop.

70
Q

You need to design an authentication system to control physical access to a high-security government facility. Which of the following authentication technologies would provide the strongest security?

A) photo security pass
B) password
C) access card with PIN
D) security guard

A

Access card with PIN

Access card with PIN is correct. Requiring employees of the government facility to present an access card and enter a personal identification number (PIN) is multifactor authentication, something you have and something you know, and is more secure than single-factor options.

71
Q

During your disaster recovery and business continuity planning, you examine all aspects of your operations to understand in detail the RTO of each critical network service. Which of the following aspects does the RTO refer to?

A) the maximum amount of time that is considered tolerable for a service to be unavailable
B) the average length of time from the moment a component fails until it is repaired
C) the average length of time a specific device is expected to work until it fails
D) the maximum acceptable amount of lost data because of an outage

A

The maximum amount of time that is considered tolerable for a service to be unavailable

The maximum amount of time that is considered tolerable for a service to be unavailable is correct. The recovery time objective (RTO) is the maximum amount of time that is considered tolerable for a service or certain business function to be unavailable. For example, a critical web server that takes customer orders over the Internet may have an RTO of 30 minutes.

72
Q

You are developing a web application that requires strong security controls. Which of the following secure coding practices helps prevent cross-site request forgery attacks?

A) cookie privacy
B) session cookie authentication
C) input validation
D) fuzzing

A

Session cookie authentication

Session cookie authentication is correct. Cross-site request forgery (XSRF/CSRF) is a type of attack that tricks a user into navigating to a website that contains malicious code. To prevent XSRF/CSRF attacks, a web application must verify that a request came from an authorized user. Web applications can require a second identifying value saved in a cookie that is compared with every single request to the website.

73
Q

Your organization has policies designed for management of user account permissions and access rights, but you have discovered that the policies are rarely followed and that many users have improper user and group permissions assigned. Which of the following activities can you perform on a regular basis to make sure users are being held accountable to your organization’s policies and procedures?

A) user training
B) job rotation
C) penetration testing
D) regular audits

A

Regular audits

Regular audits is correct. Only by performing regular audits and reviews of user permissions can you be sure that users are adhering to organizational policies. Regular audits ensure that any security lapses in account management are quickly resolved.

74
Q

You are troubleshooting an issue between your web server and a back-end database server where a malformed request is causing the database server to crash. Which of the following network security devices is best suited to help perform an investigation of the issue?

A) content filter
B) protocol analyzer
C) proxy server
D) intrusion detection system

A

Protocol analyzer

Protocol analyzer is correct. You can use a protocol analyzer to examine the network packets sent from the web server to the database server. Through detailed analysis, you can discover which of the requests is sending malformed data and thus causing your database server to crash.

75
Q

You are developing a web-based software application that utilizes user ID and password authentication mechanisms. Which of the following methods can you use to prevent session cookie hijacking?

A) disable cross-site scripting
B) regenerate session keys and IDs after a successful login
C) disable cookies in the web browser
D) refresh the web browser page after login

A

Regenerate session keys and IDs after a successful login

Regenerate session keys and IDs after a successful login is correct. To protect against session cookie hijacking (a type of attack in which an unauthorized user uses a session cookie from another authenticated user to access the application), web applications should regenerate session keys and IDs after a successful login so that a secondary attempt to use the same session credentials from a hijacked cookie will not work.

76
Q

Your organization handles high-end customer financial transactions, and the security requirements are extremely high. Which of the following organizational policies should you implement to ensure that specific high-security tasks are not the responsibility of a single employee?

A) mandatory vacation
B) least privilege
C) Separation of Duties
D) job rotation

A

Separation of Duties

Separation of duties is correct. A separation of duties policy ensures that one single individual isn’t tasked with high-security and high-risk responsibilities. Critical responsibilities are separated between several users to prevent corruption and errors.

77
Q

Which of the following is a framework composed of 20 control groups covering topics that range from hardware inventory to penetration testing within an organization?

A) PCI DSS
B) CIS controls
C) NIST RMF
D) SOC2 type I

A

CIS controls

CIS Controls is correct. The Center for Internet Security (CIS) Critical Security Controls (CSC), otherwise known as the “Top 20 Controls” or “CIS Controls,” is a framework composed of 20 control groups covering topics that range from hardware inventory to penetration testing within an organization. The underlying thesis for the CSC framework is to pare down the controls to those that are most critical, helping prevent organizations from becoming overwhelmed or choosing the wrong controls to apply to reduce risk.

78
Q

You notice a large amount of anomalous outbound traffic from your firewall. Using a protocol analyzer, you realize that the source is several local IP addresses of clients on your network going to the same external destination. Which of the following is the most likely cause?

A) clients are being backed up to a local server
B) clients have become part of a botnet and are attacking a server
C) clients are illegally downloading movies from the internet
D) clients are retrieving antivirus updates

A

Clients have become part of a botnet and are attacking a server

Clients have become part of a botnet and are attacking a server is correct. Several of your clients have been infected with malware and have become part of a botnet that has been activated to attack a specific web server on the Internet.

79
Q

You are designing a new wireless network for your facility and have gone through several revisions of your documented plan, which includes the locations of access points, encryption types and keys, and SSID network names. After having the final plan approved by your manager, what is the best way to secure your documentation?

A) store plans on a local computer drive; put hard copies in garbage
B) store electronic versions on a secure server and shred hard copies
C) keep printed plans in a binder on your desk
D) store plans on a local computer drive; put hard copies in garbage

A

Store electronic versions on a secure server and shred hard copies

Store electronic versions on a secure server and shred hard copies is correct. Keep your electronic copies on a secure server, and make sure any existing hard copies are shredded and not thrown in the garbage, where they could be found by a hacker performing dumpster diving.

80
Q

Which of the following security measures should you implement to prevent improper administrative access to a router?

A) using strong passwords
B) using audit logging
C) backing up the router configuration
D) using HTTPS remote access

A

Using strong passwords

Using strong passwords is correct. You should ensure that all your network devices use very strong passwords to prevent basic hacking attempts on the administrator account.