Bank 1 Flashcards

(65 cards)

1
Q

A security administrator is reviewing the event logs for a company server. There are numerous entries for attempts to log into the telnet service with an account named “root.” After further review of the access to the server, the security administrator determines there is a business need for another server in the company to connect via telnet to the server under review. Which of the following tasks should the security administrator perform to improve the security posture of the server? (Select TWO)
A. Change the timeout values on the telnet service
B. Allow the telnet access to the server through the firewall
C. Configure the telnet service to only accept traffic from the other server
D. Configure the telnet service to log at the debug level
E. Disable root access within the telnet service
F. Set the telnet service to enforce password changes every 90 days

A

C. Configure the telnet service to only accept traffic from the other server
E. Disable root access within the telnet service

2
Q
A security administrator has defined a new policy that requires all users to have complex passwords. Which of the following is this policy designed to help mitigate?
A. Man-in-the-middle attack
B. Phishing
C. Session hijacking
D. Dictionary Attack
A

D. Dictionary Attack

3
Q
In order to establish a connection to a server using secure LDAP, which of the following MUST be installed on the client?
A. Server public key
B. Subject alternative name certificate
C. CA anchor of trust
D. Certificate signing request
A

A. Server public key

4
Q
A CA is attempting to publicize the acceptable parameters for certificate signing requests. Which of the following should a server administrator use to fulfill the requirements of the CA?
A. Interconnection security agreement
B. Certificate templates
C. Client-side certificate
D. Software token
A

B. Certificate templates

5
Q
The first responder to an incident has been asked to provide an after action report. Which of the following incident response procedures does this support?
A. Incident Identification
B. Mitigation
C. Lessons Learned
D. Escalation/Notification
A

C. Lessons Learned

6
Q
A web server at an organization has been the target of distributed denial of service attacks. Which of the following, if correctly configured, would BEST mitigate these and future attacks?
A. SYN cookies
B. Implicit deny
C. Blacklisting 
D. URL filter
A

A. SYN cookies

7
Q
A finance manager is responsible for approving wire transfers and processing the transfers using the software provided by the company’s bank. A number of discrepancies have been found related to the wires in a recent financial audit and the wires appeared to be fraudulent. Which of the following controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers?
A. Separation of duties
B. Least privilege
C. Qualitative auditing
D. Acceptable use policy
A

A. Separation of duties

8
Q
A company has implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. Which of the following is this an example of? (Select THREE)
A. Federation
B. Two-factor authentication
C. Transitive Trust
D. Trusted OS
E. Single sign-on
F. TOTP
G. MAC
A

A. Federation
C. Transitive Trust
E. Single sign-on

9
Q
A company is providing mobile devices to all employees. The system administrator has been tasked with providing input for the company’s new mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select TWO)
A. Transitive trust
B. Asset tracking
C. Remote wiping
D. HSM
E. Key management
A

B. Asset tracking

C. Remote wiping

10
Q

An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website but instead connects to an attacker who is performing a man-in-the-middle attack. Which of the following should the employee do to mitigate the vulnerability described in the scenario?
A. Connect to a VPN when using public wireless networks
B. Only connect to WPA2 networks regardless of whether the network is public or private
C. Ensure a host-based firewall is installed and running when using public wireless networks
D. Check the address in the web browser before entering credentials

A

A. Connect to a VPN when using public wireless networks

11
Q
Which of the following remote authentication methods uses a reliable transport layer protocol for communication?
A. RADIUS
B. LDAP
C. TACACS+
D. SAML
A

C. TACACS+

12
Q

A company has a proprietary device that requires access to the network be disabled. Only authorized users should have access to the device. To further protect the device from unauthorized access, which of the following would also need to be implemented?
A. Install NIPS within the company to protect all assets
B. Block port 80 and 443 on the firewall
C. Install a cable lock to prevent theft of the device
D. Install software to encrypt access to the hard drive

A

D. Install software to encrypt access to the hard drive

13
Q

A security administrator suspects that an employee has altered some fields within a NoSQL database. Which of the following should the security administrator do to confirm the suspicion and identify the employee?
A. Review the video of the employee’s workstation
B. Review the database access log files
C. Capture a system image of the entire server
D. Generate file hashes of the database to compare to the last version

A

B. Review the database access log files.

14
Q
A recent audit has revealed that a large percentage of laptop computers on the internal network are missing critical operating system updates. Which of the following will MOST effectively reduce the likelihood that these machines will become compromised by unknown malware?
A. Access control lists
B. Antivirus software
C. Patch management
D. Behavior-based IPS
A

C. Patch management

15
Q
A project manager is working with a data owner to review information security classification requirements for a new system the organization is deploying to customers requiring five-nines uptime. Which of the following classifications would be MOST appropriate for the data owner to establish for the data contained in the system?
A. Integrity
B. Permanency
C. Confidentiality
D. Availability
A

D. Availability

16
Q
The network administrator wants to assign VLANs based on which user is logging into the network. Which of the following should the administrator use to accomplish this? (Select TWO)
A. MAC filtering
B. RADIUS
C. 802.3af
D. 802.11ac
E. 802.1x
F. 802.3q
A

B. RADIUS

E. 802.1x

17
Q
A PKI architect is implementing a corporate enterprise solution. The solution will incorporate key escrow and recovery agents, as well as a tiered architecture. Which of the following is required in order to implement the architecture correctly?
A. Certification revocation list
B. Strong ciphers
C. Intermediate authorities
D. IPSec between CAs
A

C. Intermediate authorities

18
Q
Ann, a security administrator, needs to implement a transport encryption solution that will enable her to detect attempts to sniff packets off the wire. Which of the following could be implemented?
A. Elliptic curve algorithms
B. Ephemeral keys
C. Quantum cryptography
D. Steganography
A

C. Quantum cryptography

19
Q
An organization that uses cloud infrastructure to present a payment portal is using:
A. Software as a service (SaaS)
B. Platform as a service (PaaS)
C. Monitoring as a service (MaaS)
D. Infrastructure as a service (IaaS)
A

A. Software as a service (SaaS)

20
Q
A data center has suffered repeated burglaries that led to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps have been installed to prevent tailgating, the thieves crashed through the wall of the data center with a vehicle after normal business hours. Which of the following options could further improve the physical safety and security of the data center? (Select TWO)
A. Cipher locks
B. CCTV
C. Escape routes
D. K-rated fencing
E. FM200 fire suppression
A

D. K-rated fencing

E. FM200 fire suppression

21
Q

Several computers in an organization are running below the normal performance baseline. A security administrator inspects the computers and finds the following pieces of information:

  • Several users have uninstalled the antivirus software
  • Some users have installed unauthorized software
  • Several users have installed pirated software
  • Some computers have had automatic updating disabled after being deployed
  • Users have experienced slow responsiveness when using the internet browser
  • Users have complete control over critical system properties

Which of the following solutions would have prevented these issues from occurring? (Select TWO)
A. Using snapshots to revert unwanted user changes
B. Using an IPS instead of an antivirus
C. Placing users in appropriate security groups
D. Disabling unnecessary services
E. Utilizing an application whitelist
F. Utilizing an application blacklist

A

C. Placing users in appropriate security groups

E. Utilizing an application whitelist

22
Q
A security analyst is investigating an incident involving an internal host in the finance department that has been communicating with a C&C server. The security analyst is having difficulty determining the identity of the endpoint. Upon investigation, the analyst is informed that the flow of traffic from the finance department to the C&C server takes the following path: Switch A, Proxy A, Switch B, Router A. Multiple departments also follow the same flow of traffic. The security analyst sees one RFC 1918 address arriving at Router A. Which of the following administrators should be contacted FIRST in order to help determine the identity of the compromised host?
A. Router A network administrator
B. Proxy A network administrator
C. Switch A network administrator
D. Switch B network administrator
A

B. Proxy A network administrator

23
Q
A network administrator discovers that telnet was enabled on the company’s Human Resources (HR) payroll server and that someone outside of the HR subnet has been attempting to log into the server. The network administrator has disabled telnet on the payroll server. Which of the following is a method of tracking attempts to log onto telnet without exposing company data?
A. Banner grabbing
B. Active port numbers
C. Honeypot
D. Passive IPS
A

C. Honeypot

24
Q
A recent policy change at an organization requires that all remote access connections to and from file servers at remote locations must be encrypted. Which of the following protocols would accomplish this new directive? (Select TWO)
A. TFTP
B. SSH
C. FTP
D. RDP
E. HTTP
A

B. SSH

D. RDP

25
Q
Which of the following physical security controls would be MOST appropriate to protect individual customer assets in a co-location data center?
A. Motion detection
B. Mantrap
C. Hardware locks
D. Barricades
A

C. Hardware locks

26
Q
An old 802.11b wireless bridge must be configured to provide confidentiality of data in transit, including the MAC addresses of communicating endpoints. Which of the following can be implemented to meet this requirement?
A. MSCHAPv2
B. WPA2
C. WEP
D. IPsec
A

D. IPsec

27
Q
A server administrator is investigating a breach and determines that an attacker modified the application log to obfuscate the attack vector. During the lessons learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement?
A. Host-based IDS
B. Automated log analysis
C. Enterprise SIEM
D. Real-time event correlation
A

C. Enterprise SIEM

28
Q
A security manager needs to implement a backup solution as part of the disaster recovery plan. The system owners have indicated that the business cannot afford to lose more than one day of transactions following an event where data would have to be restored. The security manager should set a value of 24 hours for the:
A. Recovery time objective
B. Service level agreement
C. Recovery point objective
D. System backup window
E. Disaster recovery plan
A

C. Recovery point objective

29
Q
An administrator wants to configure the security setting in the AD domain to force users to use a unique new password at least ten times before an old password can be reused. Which of the following security controls is the administrator enforcing?
A. Password age
B. Password expiration
C. Password history
D. Password complexity
A

C. Password history

30
Q
An application is performing slowly. Management asks the security team to determine if a security compromise is the underlying cause. The security team finds two processes with high resource utilization. Which of the following actions should the team take NEXT?
A. Monitor the IDS/IPS for incidents
B. Perform a vulnerability assessment
C. Initiate a source code review
D. Conduct a baseline comparison
A

D. Conduct a baseline comparison

31
Q
Which of the following network configurations provides security analysts with the MOST information regarding threats, while minimizing the risk to internal corporate assets?
A. Configuring the wireless access point to be unencrypted
B. Increasing the logging level of the internal corporate devices
C. Allowing inbound traffic to a honeypot on the corporate LAN*
D. Placing a NIDS between the corporate firewall and ISP
A

D. Placing a NIDS between the corporate firewall and ISP

32
Q
A forensics expert needs to be able to prove that digital evidence was not tampered with after being taken into custody. Which of the following is useful in this scenario?
A. Encryption
B. Non-repudiation
C. Hashing
D. Perfect forward secrecy
E. Steganography
A

C. Hashing

33
Q
A security administrator has performed the following configuration of a router: disabled telnet and the default SNMP string, disallowed the routing of private IP addresses, limited management access to the console port, and configured sending of events to a syslog server. Which of the following principles is being demonstrated?
A. Implicit deny
B. Access control lists
C. Port security
D. Secure baseline configuration
A

D. Secure baseline configuration

34
Q
A security auditor has full knowledge of company configuration and equipment. The auditor performed a test on the network, resulting in an exploitation of a zero-day vulnerability. Which of the following did the security auditor perform?
A. Gray box test
B. Vulnerability scan
C. Black box test
D. Penetration test
A

D. Penetration test

35
Q
In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
A. Access control lists on file servers
B. Elimination of shared accounts
C. Group-based privileges for accounts
D. Periodic user account access reviews
A

B. Elimination of shared accounts

36
Q
A security administrator runs a port scan against a server and determines that the following ports are open:

  • TCP 22
  • TCP 25
  • TCP 80
  • TCP 631
  • TCP 995

Which of the following MOST likely describes the server?
A. It is an email server that requires secure email transmittal
B. It is a web server that requires secure communication
C. It is a print server that requires secure authentication
D. It is an email server that requires secure email retrieval
A

D. It is an email server that requires secure email retrieval

37
Q
The network administrator sees a “%CAM-TABLE-FULL” message on a network switch. Upon investigation, the administrator notices thousands of MAC addresses associated with a single untagged port. Which of the following should be implemented to prevent this type of attack?
A. Port security
B. BPDU guard
C. 802.1x
D. TACACS+
A

C. 802.1x

38
Q
During a recent audit, it was discovered that several database services were running with the local user accounts named “admin” and “dbadmin.” Which of the following controls will prevent network administrators from using these types of usernames for services in the future? (Select TWO)
A. Use shared account policies
B. Prohibit generic or default accounts
C. Perform continuous access monitoring
D. Perform user account access reviews
E. Require dedicated service accounts
A

B. Prohibit generic or default accounts

E. Require dedicated service accounts

39
Q
A software development manager needs to create several different environments for application development, testing, and quality control. Controls are being put into place to manage how software is moved into the production environment. Which of the following should the software development manager request to be put into place to implement the three new environments?
A. Application firewalls
B. Network segmentation
C. Trusted computing
D. Network address translation
A

B. Network segmentation

40
Q
A finance employee needs to access sensitive materials after business hours but is unable to log into the network. The current policy prohibits access to financial applications after business hours. Which of the following access controls is MOST likely in effect?
A. Mandatory
B. Role-based
C. Discretionary
D. Rule-based
A

D. Rule-based

41
Q
Which of the following is MOST effective at cracking hashed passwords?
A. Rainbow tables
B. Dictionary attack
C. Birthday attack
D. Brute force attack
A

A. Rainbow tables

42
Q
A company has noticed a recent increase in machines that have been exploited using vulnerabilities in third-party software. Which of the following would BEST help the company reduce the likelihood of vulnerabilities within the software creating future problems?
A. Patch management
B. Host-based firewalls
C. Antivirus software
D. White-listing applications
A

A. Patch management

43
Q
A company is hosting both sensitive and public information at a cloud provider. Prior to the company going out of business, the administrator wants to decommission all virtual servers hosted on the cloud. When wiping the virtual hard drive, which of the following should be removed?
A. Hardware specifications
B. Encrypted files
C. Data remnants
D. Encrypted keys
A

C. Data remnants

44
Q
Which of the following would be MOST appropriate for securing large amounts of data-in-motion?
A. SHA
B. RSA
C. Diffie-Hellman
D. AES
A

D. AES

45
Q
After a private key had been compromised, an administrator realized that downloading a CRL once per day was not effective. The administrator wants to immediately revoke certificates. Which of the following should the administrator investigate?
A. CSR
B. PKI
C. IDP
D. OCSP
A

D. OCSP

46
Q
A risk assessment team is concerned about hosting data with a cloud service provider (CSP). Which of the following findings would justify this concern?
A. The CSP utilizes encryption for data at rest and data in motion
B. The CSP takes into account multinational privacy concerns
C. The financial review indicates the company is a startup
D. SLAs state service tickets will be resolved in less than 15 minutes
A

C. The financial review indicates the company is a startup

47
Q
A security administrator has noticed there is no internet-bound traffic from users who VPN into the corporate network. Which of the following configurations should the security administrator apply on the VPN concentrator to ensure internet-bound traffic from VPN clients is routed through the corporate network?
A. Full tunnel
B. IPsec tunnel
C. Dynamic NAT
D. Split tunnel
A

A. Full tunnel

48
Q
Based on a review of the existing access policies, the network administrator determines that changes are needed to meet current regulatory requirements for the organization’s access control process. To initiate changes in the process, the network administrator should FIRST:
A. Update the affected policies and inform the user community of the changes
B. Distribute a memo stating that all new accounts must follow current regulatory requirements
C. Inform senior management that changes are needed to existing policies
D. Notify the user community that non-compliant accounts will be required to use the new process
A

C. Inform senior management that changes are needed to existing policies

49
Q
A company has begun construction on a new building. The construction crews have noticed that valuable materials have been stolen from the site. Which of the following preventative controls should be used by the Chief Security Officer (CSO) to prevent future theft?
A. Motion sensors
B. CCTV
C. Fencing
D. Lighting
A

C. Fencing

50
Q
A network administrator is in the process of developing a new network security infrastructure. One of the requirements for the new system is the ability to perform advanced authentication, authorization, and accounting services. Which of the following technologies BEST meets the stated requirement?
A. Kerberos
B. SAML
C. TACACS+
D. LDAPS
A

C. TACACS+

51
Q
A company has completed the continuity of operations plan and needs to validate that everyone knows what actions to perform. Which of the following can be performed instead of completing a full failover to validate this requirement?
A. Tabletop exercise
B. Sandboxing
C. Business impact analysis
D. Risk assessment
A

A. Tabletop exercise

52
Q
Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing such occurrences in the future?
A. Access control where the credentials cannot be used except when the associated badge is in the facility
B. Access control where system administrators may limit which users can access their systems
C. Access control where employee access permissions are based on job title
D. Access control system where badges are only issued to cleared personnel
A

A. Access control where the credentials cannot be used except when the associated badge is in the facility

53
Q
Which of the following represents a common approach taken to remotely render data inaccessible on mobile devices?
A. Delete FDE key
B. Hardware degausser
C. Purge running memory
D. Overwrite system files
A

D. Overwrite system files

54
Q
An employee connects a wireless access point to the only jack in the conference room to provide internet access during a meeting. The access point is configured to secure its users with WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?
A. The malicious user is running a wireless sniffer
B. The wireless access point is broadcasting the SSID
C. The malicious user is able to capture the wired communication
D. The meeting attendees are using unencrypted hard drives
A

C. The malicious user is able to capture the wired communication

55
Q
A penetration tester is attempting to determine the operating system of a remote host. Which of the following methods will provide this information?
A. Protocol analyzer
B. Honeypot
C. Fuzzer
D. Banner grabbing
A

D. Banner grabbing

56
Q
A system administrator is configuring a site-to-site IPsec VPN tunnel. Which of the following should be configured on the VPN concentrator for payload encryption?
A. ECDHE
B. SHA256
C. HTTPS
D. 3DES
A

D. 3DES

57
Q
An administrator sees the following entry in a system:

02:23:41AM Mar 09 2015 www:WARNING: MD5 checksum on file /etc/sudoers has changed, Please update db if this change is expected.

Which of the following describes the type of application that generated this log entry?
A. Change management
B. Security patch management
C. SE Linux audit utility
D. File integrity management
A

C. SE Linux audit utility

58
Q
Which of the following network design components would assist in separating network traffic based on the logical location of users?
A. IPsec
B. NAC
C. VLAN
D. DMZ
A

C. VLAN

59
Q
A security administrator has been tasked with hardening operating system security on tablets that will be deployed for use by floor salespeople at retail outlets. Which of the following could the administrator implement to reduce the likelihood that unauthorized users will be able to access information on the tablets?
A. GPS device tracking
B. Remote wiping
C. Cable locks
D. Password protection
A

D. Password protection

60
Q
Ann, a security analyst, is monitoring the IDS console and notices multiple connections from an internal host to a suspicious call-back domain. Which of the following tools would aid her in deciphering the network traffic?
A. Vulnerability scanner
B. Nmap
C. Netstat
D. Packet analyzer
A

D. Packet analyzer

61
Q
A company uses digital signatures to sign contracts. The company requires external entities to create an account with a third-party digital signature provider and sign an agreement stating that they will protect the account from unauthorized access. Which of the following security goals is the company trying to address in the given scenario?
A. Availability
B. Non-repudiation
C. Authenticity
D. Confidentiality
E. Due diligence
A

B. Non-repudiation

62
Q
When implementing a new system, a systems administrator works with the information system owner to identify and document the responsibilities of the various positions within the organization. Once responsibilities are identified, groups are created within the system to accommodate the various responsibilities of each position type, with users being placed in these groups. Which of the following principles of authorization is being developed?
A. Rule-based access control
B. Least privilege
C. Separation of duties
D. Access control lists
E. Role-based access control
A

E. Role-based access control

63
Q
An employee is conducting a presentation at an out-of-town conference center using a laptop. The wireless access point at the employee’s office has an SSID of OFFICE. The laptop was set to remember wireless access points. Upon arriving at the conference, the employee powered on the laptop and noticed that it was connected to the OFFICE access point. Which of the following MOST likely occurred?
A. The laptop connected to a legitimate WAP
B. The laptop connected as a result of an IV attack
C. The laptop connected to an evil twin WAP
D. The laptop connected as a result of near field communication
A

C. The laptop connected to an evil twin WAP

64
Q
A company uses PKI certificates stored on a smart-chip-enabled badge. The badge is used for a small number of devices that connect to a wireless network. A user’s badge was reported stolen. Which of the following could the security administrator implement to prevent the stolen badge from being used to compromise the wireless network?
A. Asset tracking
B. Honeynet
C. Strong PSK
D. MAC filtering*
A

A. Asset tracking

65
Q
A system administrator wants to ensure that only authorized devices can connect to the wired corporate system. Unauthorized devices should be automatically placed on a guest network. Which of the following MUST be implemented to support these requirements? (Select TWO)
A. Port security
B. 802.1x
C. Proxy
D. VLAN
E. NAT
A

B. 802.1x

D. VLAN