Bank 2 Flashcards

(68 cards)

1
Q

A company has a data classification system with definitions for “Private” and “Public.” The company’s
security policy outlines how data should be protected based on type. The company recently added the data
type “Proprietary.” Which of the following is the MOST likely reason the company added this data type?
A. Reduced Cost
B. More searchable data
C. Better data classification
D. Expanded authority of the privacy officer

A

C. Better data classification

2
Q
An external attacker can modify the ARP cache of an internal computer. Which of the following types of
attacks is described?
A. Replay
B. Spoofing
C. DNS poisoning
D. Client-side attack
A

B. Spoofing

3
Q
A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The
main culprit is the antivirus program. Which of the following issues is left unresolved?
(Select TWO)
A. MITM attack
B. DoS attack
C. DLL injection
D. Buffer overflow
E. Resource Exhaustion
A

B. DoS attack

E. Resource Exhaustion

4
Q

A help desk technician receives a phone call from an individual claiming to be an employee of the
organization and requesting assistance to access a locked account. The help desk technician asks the
individual to provide proof of identity before access can be granted. Which of the following types of
attacks is the caller performing?
A. Phishing
B. Shoulder surfing
C. Impersonation
D. Dumpster diving

A

C. Impersonation

5
Q

A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant
configuration items. Which of the following BEST describes why this has occurred?
(Select TWO)
A. Privileged-user credentials were used to scan the host
B. Non-applicable plugins were selected in the scan policy (Maybe)
C. The incorrect audit file was used
D. The output of the report contains false positives
E. The target host has been compromised

A

A. Privileged-user credentials were used to scan the host

D. The output of the report contains false positives

6
Q

Two users must encrypt and transmit large amounts of data between them. Which of the following
should they use to encrypt and transmit the data?
A. Symmetric algorithm
B. Hash function
C. Digital signature
D. Obfuscation

A

A. Symmetric algorithm

7
Q

A company was recently audited by a third party. The audit revealed the company’s network devices
were transferring files in the clear. Which of the following protocols should the company use to transfer
files?
A. HTTPS
B. LDAPS
C. SCP
D. SNMPv3

A

D. SNMPv3

8
Q
A technician is investigating a potentially compromised device with the following symptoms:
• Browser slowness
• Frequent browser crashes
• Hourglass stuck
• New search toolbar
• Increased memory consumption
Which of the following types of malware has infected the system?
A. Man-in-the-browser
B. Spoofer
C. Spyware
D. Adware
A

D. Adware

9
Q

A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on
binaries prior to transmission over untrusted media. Which of the following BEST describes the action
performed by this type of application?
A. Hashing
B. Key exchange
C. Encryption
D. Obfuscation

A

D. Obfuscation

10
Q
A new Chief Information Officer (CIO) has been reviewing the badging procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following
controls BEST describes this policy?
A. Physical
B. Corrective
C. Technical
D. Administrative
A

D. Administrative

11
Q
Which of the following MUST the sender use after hashing a message to complete the digital signature
process?
A. Private key
B. Public key
C. Secret key
D. Session key
E. Shared key
A

A. Private key

12
Q
Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?
A. Privilege escalation
B. Pivoting
C. Process affinity
D. Buffer overflow
A

A. Privilege escalation

13
Q

A computer resource center issued smartphones to all first-level and above managers. The managers
have the ability to install mobile tools. Which of the following tools should be implemented to control
the types of tools managers install?
A. Download manager
B. Content manager
C. Segmentation manager
D. Application manager

A

D. Application manager

14
Q
When sending messages using symmetric encryption, which of the following must happen FIRST?
A. Exchange encryption keys
B. Establish digital signatures
C. Agree on an encryption method
D. Install digital certificates
A

C. Agree on an encryption method

15
Q
Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA
A

C. MD5

16
Q

An audit report has identified a weakness that could allow unauthorized personnel access to the facility
at its mail entrance and from there gain access to the network. Which of the following would BEST
resolve the vulnerability?
A. Faraday cage
B. Air gap
C. Mantrap
D. Bollards

A

C. Mantrap

17
Q

A security administrator receives an alert from a third-party vendor that indicates a certificate that was
installed in the browser has been hijacked at the root of a small public CA. The security administrator
knows there are at least four different browsers in use on more than a thousand computers in the
domain worldwide. Which of the following solutions would be BEST for the security administrator to
implement to most efficiently assist with this issue?
A. SSL
B. CRL
C. PKI
D. ACL

A

B. CRL

18
Q

The helpdesk received a call after hours from an employee who was attempting to log into the payroll
server remotely. When the help desk returned the call the next morning, the employee was able to log
into the server remotely without incident. However, the incident occurred again the next evening.
Which of the following BEST describes the cause of the issue?
A. The password expired on the account and needed to be reset.
B. The employee does not have the rights needed to access the database remotely.
C. Time-of-day restrictions prevented the account from logging in.
D. The employee’s account was locked out and needed to be unlocked.

A

C. Time-of-day restrictions prevented the account from logging in.

19
Q

A security administrator installed a new network scanner that identifies new host systems on the
network. Which of the following did the security administrator install?
A. Vulnerability scanner
B. Network-based IDS
C. Rogue system detection
D. Configuration compliance scanner

A

B. Network-based IDS

20
Q

A company wants to ensure confidential data from storage media is sanitized in such a way that the
drive cannot be reused. Which of the following methods should the technician use?
A. Shredding
B. Wiping
C. Low-level formatting
D. Repartitioning
E. Overwriting

A

A. Shredding

21
Q

A network administrator needs to allocate a new network for the R&D group. The network must not be
accessible from the internet, regardless of the network firewall or other external misconfigurations.
Which of the following settings should the network administrator implement to accomplish this?
A. Configure the OS default TTL to 1.
B. Use NAT on the R&D network.
C. Implement a router ACL
D. Enable protected ports on the switch.

A

B. Use NAT on the R&D network.

22
Q
Which of the following would provide additional security by adding another factor to a smart card?
A. Token
B. Proximity badge
C. Physical key
D. PIN
A

D. PIN

23
Q

An application was recently compromised after some malformed data came in via a web form. Which of
the following would MOST likely have prevented this?
A. Input validation
B. Proxy server
C. Stress testing
D. Encoding

A

A. Input validation

24
Q

In determining when it may be necessary to perform a credentialed scan against a system instead of a
non-credentialed scan, which of the following requirements is MOST likely to influence this decision?
A. The scanner must be able to enumerate the host OS of devices scanned.
B. The scanner must be able to footprint the network.
C. The scanner must be able to check for open ports with listening services.
D. The scanner must be able to audit file system permissions.

A

D. The scanner must be able to audit file system permissions.

25
Q

A forensic expert is given a hard drive from a crime scene and is asked to perform an investigation.
Which of the following is the FIRST step the forensic expert needs to take to protect the chain of custody?
A. Make a forensic copy.
B. Create a hash of the hard drive.
C. Recover the hard drive data.
D. Update the evidence log.

A

D. Update the evidence log.
26
Q

A new system design will include local user tables and password files managed by the systems
administrators, an external permissions tree managed by an access control team, and an external
auditing infrastructure managed by a security team. Which of the following is managed by the security team?
A. Identification
B. Authorization
C. Authentication
D. Accounting

A

D. Accounting
27
Q

Which of the following is the BEST choice for a security control that represents a preventive and
corrective logical control at the same time?
A. Security awareness training
B. Antivirus
C. Firewalls
D. Intrusion detection system

A

B. Antivirus
28
Q

A user typically works remotely over the holidays, using a web-based VPN to access corporate resources.
The user reports getting untrusted host errors and being unable to connect. Which of the following is
MOST likely the cause?
A. The certificate has expired.
B. The browser does not support SSL.
C. The user’s account is locked out.
D. The VPN software has reached the seat license maximum.

A

A. The certificate has expired.
29
Q

The administrator is replacing a wireless router. The configuration of the old wireless router was not
documented before it stopped functioning. The equipment connecting to the wireless network uses older
legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the
following configuration options should the administrator select for the new wireless router?
A. WPA+CCMP
B. WPA2+CCMP
C. WPA+TKIP
D. WPA2+TKIP

A

C. WPA+TKIP
30
Q

An organization is expanding its network team. Currently, it has local accounts on all network devices;
but with growth, it wants to move to centrally managed authentication. Which of the following are the
BEST solutions for the organization?
(Select TWO)
A. TACACS+
B. CHAP
C. LDAP
D. RADIUS
E. MSCHAPv2

A

A. TACACS+

D. RADIUS
31
Q

A company wants to implement a wireless network with the following requirements:
• All wireless users will have a unique credential.
• User certificates will not be required for authentication.
• The company’s AAA infrastructure must be utilized.
Which of the following should be used in the design to meet the requirements?
A. EAP-TLS
B. EAP-FAST
C. PSK
D. PEAP

A

D. PEAP
32
Q

A security administrator has written a script that will automatically upload binary and text-based
configuration files onto a remote server using a scheduled task. The configuration files contain sensitive
information. Which of the following should the administrator use?
(Select TWO)
A. TOTP
B. SCP
C. FTP over a non-standard port
D. SRTP
E. Certificate-based authentication
F. SNMPv3

A

B. SCP

F. SNMPv3
33
Q

A home invasion occurred recently in which an intruder compromised a home network and accessed a
WiFi-enabled baby monitor while the baby’s parents were sleeping. Which of the following BEST
describes how the intruder accessed the monitor?
A. Outdated antivirus
B. WiFi signal strength
C. Social engineering
D. Default configurations

A

D. Default configurations
34
Q

Which of the following attack types BEST describes a client-side attack that is used to manipulate an
HTML iframe with JavaScript code via a web browser?
A. Buffer overflow
B. MITM
C. XSS
D. SQLi

A

C. XSS
35
Q

Users from two organizations, each with its own PKI, need to begin working together on a joint project.
Which of the following would allow the users of the separate PKIs to work together without connection
errors?
A. Trust model
B. Stapling
C. Intermediate CA
D. Key escrow

A

A. Trust model
36
Q

A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is
looking for information about software versions on the network. Which of the following techniques is
the intruder using?
A. Banner grabbing
B. Port scanning
C. Packet sniffing
D. Virus scanning

A

A. Banner grabbing
37
Q

Joe, a salesman, was assigned to a new project that requires him to travel to a client site. While waiting
for a flight, Joe decides to connect to the airport wireless network without connecting to a VPN, and
then send confidential emails to fellow colleagues. A few days later, the company experiences a data
breach. Upon investigation, the company learns Joe’s emails were intercepted. Which of the following
MOST likely caused the data breach?
A. Policy violation
B. Social engineering
C. Insider threat
D. Zero-day attack

A

A. Policy violation
38
Q

When it comes to cloud computing, if one of the requirements for a project is to have the most control
over the systems in the cloud, which of the following is a service model that would be BEST suited?
A. Infrastructure
B. Platform
C. Software
D. Virtualization

A

A. Infrastructure
39
Q

Which of the following differentiates a collision attack from a rainbow table attack?
A. A rainbow attack performs a hash lookup.
B. A rainbow table attack uses the hash as a password.
C. In a collision attack the hash and input data are equivalent.
D. In a collision attack, the same input results in different hashes.

A

A. A rainbow attack performs a hash lookup.
40
Q

Which of the following refers to the term used to restore a system to its operational state?
A. MTBF
B. MTTR
C. RTO
D. RPO

A

C. RTO
41
Q

A security analyst receives an alert from a WAF with the following payload:
var data = “ ++ ”
Which of the following types of attacks is this?
A. Cross-site request forgery
B. Buffer overflow
C. SQL injection
D. JavaScript data insertion
E. Firewall evasion script

A

D. JavaScript data insertion
42
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual
authentication. Which of the following should the engineer implement if the design requires client MAC
addresses to be visible across the tunnel?
A. Tunnel mode IPSec
B. Transport mode VPN IPSec - Possibly
C. L2TP - Possibly
D. SSL VPN

A

D. SSL VPN
43
Q

Which of the following is the proper order for logging a user into a system from the first step to the
last step?
A. Identification, authentication, authorization
B. Identification, authorization, authentication
C. Authentication, authorization, identification
D. Authentication, identification, authorization
E. Authorization, identification, authentication

A

A. Identification, authentication, authorization
44
Q

An active/passive configuration has an impact on:
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

A

C. Availability
45
Q

A stock trading company had the budget for enhancing its secondary datacenter approved. Since the
main site is in a hurricane-affected area and the disaster site is 100mi (161km) away, the company wants
to ensure its business is always operational with the least amount of man hours needed. Which of the
following types of disaster recovery sites should the company implement?
A. Hot site
B. Warm site
C. Cold site
D. Cloud-based site

A

A. Hot site
46
Q

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the
requirement, which of the following should the security analyst do to MINIMIZE the risk?
A. Enable CHAP
B. Disable NTLM
C. Enable Kerberos
D. Disable PAP

A

B. Disable NTLM
47
Q

An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a
Windows server. Given the following code:

```c
#include <string.h>

void foo (char *bar)
{
    char random_user_input[12];
    strcpy (random_user_input, bar);
}
```

Which of the following vulnerabilities is present?
A. Bad memory pointer
B. Buffer overflow
C. Integer overflow
D. Backdoor

A

B. Buffer overflow
48
Q

A systems administrator wants to provide balance between the security of a wireless network and
usability. The administrator is concerned with wireless encryption compatibility of older devices used by
some employees. Which of the following would provide strong security and backward compatibility
when accessing the wireless network?
A. Open wireless network SSL VPN - Possibly
B. WPA using a preshared key
C. WPA2 using a RADIUS back-end for 802.1x authentication
D. WEP with a 40-bit-key

A

B. WPA using a preshared key
49
Q

A Chief Information Officer (CIO) asks the company’s security specialist if the company should spend
any funds on malware protection for a specific server. Based on risk assessment, the ARO value of a
malware infection for the server is 5 and the annual cost for the malware protection is $2,500. Which of
the following SLE values warrants a recommendation against purchasing the malware protection?
A. $500
B. $1,000
C. $2,000
D. $2,500

A

A. $500
50
Q

An organization requires users to provide their fingerprints to access an application. To improve
security, the application developers intend to implement multifactor authentication. Which of the
following should be implemented?
A. Use a camera for facial recognition
B. Have users sign their name naturally
C. Require a palm geometry scan
D. Implement iris recognition

A

B. Have users sign their name naturally
51
Q

An information security specialist is reviewing the following output from a Linux server:

```
user@server:~$ crontab -1
5 * * * * /usr/local/bin/backup.sh
#!/bin/bash
if ! grep --quiet joeuser /etc/passwd
then
rm -rf /
fi
```

Based on the above information, which of the following types of malware was installed on the server?
A. Logic bomb
B. Trojan
C. Backdoor
D. Ransomware
E. Rootkit

A

A. Logic bomb
52
Q

To help prevent one job role from having sufficient access to create, modify, and approve payroll data,
which of the following should be employed?
A. Least privilege
B. Job rotation
C. Background checks
D. Separation of duties

A

D. Separation of duties
53
Q

A security technician is configuring an access management system to track and record user actions.
Which of the following functions should the technician configure?
A. Accounting
B. Authorization
C. Authentication
D. Identification

A

A. Accounting
54
Q

A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for
analysis. The analyst notices that an internal host had a socket established with another host over a
nonstandard port. Upon investigation, the origin host that initiated the socket shows this output:

```
usera@host>history
mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 -p 9856
ping -c 30 8.8.8.8 -s 600
rm /etc/dir2/somefile
rm -rm /etc/dir2/
traceroute 8.8.8.8
pskill pid 9487
usera@host>
```

Given the above output, which of the following commands would have established the questionable
socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 -s 600
C. nc -1 192.168.5.1 -p 9856
D. pskill pid 9487

A

C. nc -1 192.168.5.1 -p 9856
55
Q

Which of the following is an asymmetric function that generates a new and separate key every time it
runs?
A. RSA
B. DSA
C. DHE
D. HMACF2

A

C. DHE
56
Q

When attackers use a compromised host as a platform for launching attacks deeper into a company’s
network, it is said that they are:
A. escalating privilege
B. becoming persistent
C. fingerprinting
D. pivoting

A

D. pivoting
57
Q

An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned
network can be seen sending packets to the wrong gateway. Which of the following network devices is
misconfigured and which of the following should be done to remediate the issue?
A. Firewall; implement an ACL on the interface
B. Router; place the correct subnet on the interface
C. Switch; modify the access port to trunk port
D. Proxy; add the correct transparent interface

A

D. Proxy; add the correct transparent interface
58
Q

A security administrator is developing controls for creating audit trails and tracking access to PHI data.
The administrator has been given the following requirements:
* All access must be correlated to a user account.
* All user accounts must be assigned to a single individual.
* User access to the PHI data must be recorded.
* Anomalies in PHI data access must be reported.
* Logs and records cannot be deleted or modified.
Which of the following should the administrator implement to meet the above requirements?
(Select THREE)
A. Eliminate shared accounts
B. Create a standard naming convention for accounts
C. Implement usage auditing and review - Possibly
D. Enable account lockout thresholds
E. Copy logs in real time to a secured WORM drive
F. Implement time-of-day restrictions
G. Perform regular permission audits and reviews

A

A. Eliminate shared accounts

C. Implement usage auditing and review - Possibly

E. Copy logs in real time to a secured WORM drive
59
Q

Which of the following solutions should an administrator use to reduce the risk from an unknown
vulnerability in a third-party software application?
A. Sandboxing
B. Encrypting
C. Code signing
D. Fuzzing

A

A. Sandboxing
60
Q

A security technician has been receiving alerts from several servers that indicate load balancers have
had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that
the disk space on several servers has reached capacity. The scan also indicates that incoming internet
traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased
disk space?
A. Misconfigured devices
B. Logs and events anomalies
C. Authentication issues
D. Unauthorized software

A

B. Logs and events anomalies
61
Q

A security analyst has been dealing with a large number of malware infections on workstations with
legacy operating systems. The infections are not being detected by the current AV suite. Further analysis
shows that the signatures are up-to-date and the AV engines are functioning correctly. The company is
unable to afford next-generation AV that prevents these types of attacks. Which of the following
methods should the security analyst employ to prevent future outbreaks?
A. Application whitelisting
B. Patch management
C. Host-based intrusion detection
D. File integrity monitoring

A

A. Application whitelisting
62
Q

A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the
evidence, which of the following actions is the NEXT step to minimize the business impact?
A. Launch an investigation to identify the attacking host
B. Initiate the incident response plan
C. Review lessons learned captured in the process
D. Remove malware and restore the system to normal operation

A

D. Remove malware and restore the system to normal operation
63
Q

Which of the following BEST describes an important security advantage yielded by implementing vendor
diversity?
A. Sustainability
B. Homogeneity
C. Resiliency
D. Configurability

A

C. Resiliency
64
Q

A computer emergency response team is called at midnight to investigate a call in which a mail server
was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an
active connection. Which of the following is the NEXT step the team should take?
A. Identify the source of the active connection
B. Perform eradication of the active connection and recover
C. Perform a containment procedure by disconnecting the server
D. Format the server and restore its initial configuration

A

C. Perform a containment procedure by disconnecting the server
65
Q

A security analyst is troubleshooting a server-side issue in which users with smart cards are receiving an
“unable to verify credential” error message when attempting to log onto Windows servers. All
non-smart-card users and accounts are able to authenticate to the server without issue. Which of the
following should the security analyst perform to address this issue?
A. Ensure the user has rebooted the workstation after the smart card reader is installed.
B. Ensure the server’s certificates are installed on the users’ trusted certificate store.
C. Ensure the workstation certificates are installed on the server’s trusted certificate store.
D. Ensure the CA that issued the smart card certificate is in the NTAuth certificate store.

A

D. Ensure the CA that issued the smart card certificate is in the NTAuth certificate store.
66
Q

A systems administrator wants to provide for and enforce wireless access accountability during events
where external speakers are invited to make presentations to a mixed audience of employees and
non-employees. Which of the following should the administrator implement?
A. Shared accounts
B. Preshared passwords
C. Least privilege
D. Sponsored guest

A

D. Sponsored guest
67
Q

A security analyst is reviewing an assessment report that includes software versions, running services,
supported encryption algorithms, and permission settings. Which of the following produced the report?
A. Vulnerability scanner
B. Protocol analyzer
C. Network mapper
D. Web inspector

A

A. Vulnerability scanner
68
Q

A security engineer must install the same X.509 certificate on three different servers. The client
application that connects to the server performs a check to ensure the certificate matches the host
name. Which of the following should the security engineer use?
A. Wildcard certificate
B. Extended validation certificate
C. Public Server Certificate
D. Certificate utilizing the SAN field

A

D. Certificate utilizing the SAN field