Bank 4 Flashcards
(43 cards)
A security guard notices a vehicle parked beside the trash bins at the loading dock and an unknown individual opening trash bags. The security guard notifies the local authorities so they can investigate. Which of the following is potentially being conducted? A. Impersonation B. Spear phishing C. Dumpster diving D. Intimidation
C. Dumpster diving
Which of the following threat actors is MOST likely to steal a company’s proprietary information to gain a market edge and reduce time to market? A. Competitor B. Hacktivist C. Insider D. Organized crime
A. Competitor
Which of the following BEST describes the impact of an unremediated session timeout vulnerability?
A. The credentials of a legitimate user could be intercepted and reused to log in when the legitimate user is offline
B. An attacker has more time to attempt brute-force password cracking
C. More than one user may be allowed to concurrently connect to a system, and an attacker can use one of those concurrent connections
D. An attacker could use an existing session that has been initiated by a legitimate user
D. An attacker could use an existing session that has been initiated by a legitimate user
A security engineer is making changes to a corporate network to facilitate the expansion of corporate connectivity to guest users. The security engineer is concerned with unauthorized users accessing sensitive systems that also require network connectivity. Given the engineer’s requirements, which of the following is the BEST method of securing the sensitive systems?
A. Place the sensitive systems in an isolated VLAN
B. Place an air gap around the sensitive systems
C. Virtualize the guest wireless infrastructure
D. Place the guest WAPs on a honeynet
A. Place the sensitive systems in an isolated VLAN
A security administrator wants to install an AAA server to centralize the management of network devices, such as routers and switches. The server must reauthorize each individual command executed on a network device. Which of the following should be implemented? A. RADIUS B. Kerberos C. SAML D. TACACS+
D. TACACS+
A systems administrator wants to implement a wireless protocol that will allow the organization to authenticate mobile devices prior to providing the user with a captive portal login. Which of the following should the systems administrator configure? A. L2TP with MAC filtering B. EAP-TTLS C. WPA2-CCMP with PSK D. RADIUS federation
C. WPA2-CCMP with PSK
Which of the following could help detect trespassers in a secure facility? (SELECT TWO) A. Faraday cages B. Motion-detection sensors C. Tall, chain-link fencing D. Security guards E. Smart cards
B. Motion-detection sensors
D. Security guards
A penetration tester harvests potential usernames from a social networking site. The penetration tester then uses social engineering to attempt to obtain associated passwords to gain unauthorized access to shares on a network server. Which of the following methods is the penetration tester MOST likely using? A. Escalation of privilege B. SQL injection C. Active reconnaissance D. Proxy server
C. Active reconnaissance
A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed? A. Mission-essential function B. Single point of failure C. Backup and restoration plans D. Identification of critical systems
D. Identification of critical systems
A security specialist must confirm a backup matches the original copy. Which of the following should the security specialist use to accomplish the objective? A. AES B. 3DES C. MD5 D. RSA
C. MD5
When developing an application, executing a preconfigured set of instructions is known as: A. a code library B. code signing C. a stored procedure D. infrastructure as code
C. a stored procedure
A user receives an email from an ISP indicating malicious traffic coming from the user’s home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?
A. The camera system is infected with a bot
B. The camera system is infected with a RAT
C. The camera system is infected with a Trojan
D. The camera system is infected with a backdoor
A. The camera system is infected with a bot
Finance department employees are reporting slow network connectivity and SSL/TLS certificate errors when they access secure websites. A security administrator suspects a computer in the finance VLAN may have been compromised and is impersonating the router’s IP address using an MITM attack. Which of the following commands should the security administrator use to verify this finding? A. arp B. route C. tracert D. nmap E. nslookup
A. arp
A security analyst finished drafting an official response to a security assessment report, which must be sent to the head of the auditing department. The security analyst needs to assure the head of the auditing department that the response came from the security analyst, and the contents of the response must be kept confidential. Which of the following are the LAST steps the security analyst should perform prior to electronically sending the message? (SELECT TWO)
A. Hash the message
B. Encrypt the message
C. Digitally sign the message
D. Label the email as “Confidential”
E. Perform a key exchange with the recipient
B. Encrypt the message
C. Digitally sign the message
While trying to manage a firewall’s ACL, a security administrator (User3) receives an “Access Denied” error. The manager reviews the following information:
Security_admins: User1, User2
Firewall access:
ACL Read: Security_admins
ACL Writes: Security_admins
Reboot: Managers
Audit: User3
Which of the following is preventing the administrator from managing the firewall? A. Mandatory access control B. Rule-based access control C. Group-based access control D. Attribute-based access control
D. Attribute-based access control
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or certificate to the employees? A. WPS B. 802.1X C. WPA2-PSK D. TKIP
A. WPS
Hacktivists are more commonly motivated by: A. curiosity B. notoriety C. financial gain D. political cause
D. political cause
Which of the following scenarios BEST describes an implementation of non-repudiation?
A. A user logs into a domain workstation and accesses network file shares for another department
B. A user remotely logs into the mail server with another user’s credentials
C. A user sends a digitally signed email to the entire finance department about an upcoming meeting
D. A user accesses the workstation registry to make unauthorized changes to enable functionality within an application
C. A user sends a digitally signed email to the entire finance department about an upcoming meeting
A systems administrator found a suspicious file in the root of the file system. The file contains URLs, usernames, passwords, and text from other documents being edited on the system. Which of the following types of malware would generate such a file? A. Keylogger B. Rootkit C. Bot D. RAT
A. Keylogger
A company has noticed multiple instances of proprietary information on public websites. It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs. Which of the following changes should the company make to reduce the risks associated with phishing attacks? (SELECT TWO)
A. Install an additional firewall
B. Implement a redundant email server
C. Block access to personal email on corporate systems
D. Update the X.509 certificates on the corporate email server
E. Update corporate policy to prohibit access to social media websites
F. Review access violations on the file server
C. Block access to personal email on corporate systems
E. Update corporate policy to prohibit access to social media websites
An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (SELECT TWO) A. Proper offboarding procedures B. Acceptable use policies C. Non-disclosure agreements D. Exit interviews E. Background checks F. Separation of duties
A. Proper offboarding procedures
B. Acceptable use policies
D. Exit interviews
A company is allowing a BYOD policy for its staff. Which of the following is a best practice that can decrease the risk of users jailbreaking mobile devices?
A. Install a corporately monitored mobile antivirus on the devices
B. Prevent the installation of applications from a third-party application store
C. Build a custom ROM that can prevent jailbreaking
D. Require applications to be digitally signed
A. Install a corporately monitored mobile antivirus on the devices
Joe, a user, wants to send a document electronically to Ann, another user, and ensure non-repudiation, confidentiality, and integrity. Which of the following should Joe do? (SELECT TWO)
A. Encrypt the document with Ann’s private key
B. Encrypt the document with Joe’s public key
C. Sign the document with Joe’s private key
D. Sign the document with Ann’s private key
E. Sign the document with Joe’s public key
F. Encrypt the document with Ann’s public key
C. Sign the document with Joe’s private key
F. Encrypt the document with Ann’s public key
Security administrators attempted corrective action after a phishing attack. Users are still experiencing trouble logging in, as well as an increase in account lockouts. Users’ email contacts are reporting an increase in spam and social networking requests. Due to the large number of affected accounts, remediation must be accomplished quickly. Which of the following actions should be taken FIRST?
(SELECT TWO)
A. Disable the compromised accounts
B. Update WAF rules to block social networks
C. Remove the compromised accounts from all AD groups
D. Change the compromised accounts’ passwords
E. Disable the open relay on the email server
F. Enable sender policy framework
A. Disable the compromised accounts
D. Change the compromised accounts’ passwords