maybe this one? Flashcards

(233 cards)

1
Q

A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on
binaries prior to transmission over untrusted media. Which of the following BEST describes the action
performed by this type of application?

A

Encryption

2
Q

A company wants to ensure confidential data storage media is sanitized in such a way that the drive
cannot be reused. Which of the following methods should the technician use?

A

Shredding

3
Q

A remote intruder wants to take inventory of a network so exploits can be researched. The intruder is
looking for information about software versions on the network. Which of the following techniques is
the intruder using?

A

Banner grabbing

4
Q

Which of the following specifically describes the exploitation of an interactive process to access
otherwise restricted areas of the OS?

A

Pivoting

5
Q

When developing an application, executing a preconfigured set of instructions is known as:

A

A stored procedure

6
Q

A network administrator needs to allocate a new network for the R&D group. The network must not be
accessible from the internet, regardless of the network firewall or other external misconfigurations.
Which of the following settings should the network administrator implement to accomplish this?

A

Enable protected ports on the switch

7
Q

An application was recently compromised after some malformed data came in via a web form. Which of
the following would MOST likely have prevented this?

A

Input validation

8
Q

When attackers use a compromised host as a platform for launching attacks deeper into a company’s
network, it is said that they are:

A

Pivoting

9
Q

A new Chief Information Officer has been reviewing the badging procedures and decides to write a
policy that all employees must have their badges rekeyed at least annually. Which of the following
controls BEST describes this policy?

A

Administrative

10
Q

Which of the following refers to the term used to restore a system to its operational state?

A

RPO

11
Q

A security manager is creating an account management policy for a global organization with sales
personnel who must access corporate network resources while traveling all over the world. Which of the
following practices is the security manager MOST likely to enforce with the policy? (Select TWO)

A

Password complexity

Group-based access control

12
Q

Which of the following would provide additional security by adding another factor to a smart card?

A

PIN

13
Q

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure. Given the
requirement, which of the following should the security analyst do to MINIMIZE the risk?

A

Disable NTLM

14
Q

A security administrator is diagnosing a server where the CPU utilization is at 100% for 24 hours. The
main culprit of CPU utilization is the antivirus program. Which of the following issues could occur if left
unresolved? (Select TWO)

A

DoS attack

Resource exhaustion

15
Q

A company has a data classification system with definitions for “Private” and “Public.” The company’s
security policy outlines how data should be protected based on type. The company recently added the
data type “Proprietary.” Which of the following is the MOST likely reason the company added this data
type?

A

More searchable data

16
Q

A computer emergency response team is called at midnight to investigate a case in which a mail server
was restarted. After an initial investigation, it was discovered that email is being exfiltrated through an
active connection. Which of the following is the NEXT step the team should take?

A

Perform a containment procedure by disconnecting the server

17
Q

A security engineer must install the same x.509 certificate on three different servers. The client
application that connects to the server performs a check to ensure the certificate matches the host
name. Which of the following should the security engineer use?

A

Certificate chaining

18
Q

Which of the following BEST describes an important security advantage yielded by implementing vendor
diversity?

A

Resiliency

19
Q

Which of the following differentiates a collision attack from a rainbow table attack?

A

A rainbow table attack performs a hash lookup

20
Q

Ransomware is detected on a database administrator’s workstation. Which of the following forensic
procedures should be performed FIRST to mitigate the threat?

A

Capture volatile memory

21
Q

Ann, a new security specialist, is attempting to access the internet using the company’s open wireless
network. The wireless network is not encrypted; however, once associated, Ann cannot access the
internet or other resources. In an attempt to troubleshoot, she scans the wireless network with NMAP
and discovers the firewall is the only other device on the wireless network. Which of the following BEST
describes the company’s wireless network situation?

A

The company uses VPN to authenticate and encrypt connections and traffic

22
Q

RJ-45 ports have been implemented on an embedded system to allow engineers more convenient
access. The network administrator has concerns regarding placing the equipment on the internal
network and exposing the devices. Which of the following would BEST meet both concerns if the
equipment is placed on the internal network?

A

Create a separate network segment for the equipment that only the engineers can access

23
Q

Which of the following threats is BEST mitigated by application hardening and patching rather than
security training?

A

Software exploits

24
Q

A security administrator generates a key pair and sends one key inside a request file to a third party. The
third party sends back a signed file. In this scenario, the key sent to the third party is called a:

A

Public key

25
An attacker drives past a company, captures the name of the WiFi network and locates a coffee shop near the company. The attacker creates a mobile hotspot with the same name as the company’s WiFi. Which of the following BEST describes this wireless attack?
Evil twin
26
A developer needs to store sensitive employee information on a backend database. The sensitive database records must be accessed by a public web server in the DMZ. Which of the following should be implemented to secure the sensitive information stored in the database?
Store the sensitive records using irreversible encryption
27
To protect the confidentiality of a VPN session key, the administrator copies the key to a USB drive and ships it overnight to a remote location. This type of key exchange is BEST described as:
Out-of-band
28
A company is experiencing problems with performance and downtime because application updates and patching are being conducted on production systems during business hours. Users and other IT staff are not being notified of the updates. Which of the following should be instituted to BEST resolve the problems?
Change management
29
A Linux server using TCP wrappers is utilized in a SCADA environment. Which of the following entries should be placed in the hosts.allow file to allow access on port 22 for a client at 192.168.14.127?
In.ssh 192.168.14.127
30
A service desk manager is developing an SLA to be used with a new customer. As part of the SLA, various metrics regarding uptime, responsiveness, and remediation are being identified. Given the manager’s unfamiliarity with the products being supported, which of the following metrics would be MOST important to solicit from the customer to determine how much downtime should be expected?
MTBF, MTTF
31
Members of a production team have been using the username and password of Ann, an employee, to log into their workstations because Ann has elevated privileges. The administrator wants to prevent unauthorized users from logging in with false credentials, while still allowing Ann to continue to utilize her provided equipment. Which of the following should the administrator configure to achieve this?
Authorized workstations
32
A company needs to adopt a single tenant CSP due to strict regulatory compliance issues. The company wants the CSP to be available at all times and accessible from anywhere over the internet. Which of the following solutions should the company adopt?
Private cloud
33
A security administrator spots the following log entry fragment on a web server: GET /home.aspx?id= Which of the following types of attacks was attempted?
Cross-site scripting
34
A systems administrator wants to install a new PKI certificate on a web server. The administrator creates a CSR. Which of the following should the administrator send to the CA to issue a trusted certificate?
The web server’s public key
35
A malicious user attempts to access a company’s wireless network from the parking lot. Upon launching the wireless scanner, the malicious user activates the SSID decloak feature and views many other SSIDs. However, the company’s SSID does not appear as an available network in the tool. Which of the following is preventing the malicious user from scanning the company’s wireless network?
Low-power directional antennas
36
A new security policy being implemented requires all email within the organization be digitally signed by the author using PGP. Which of the following would need to be created for each user?
A public and private key
37
While responding to an incident on a Linux server, the administrator needs to disable unused services. Which of the following commands can be used to see processes that are listening on a TCP port?
lsof
38
An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
Cluster tip wiping
39
Which of the following access controls enforces permissions based on data labeling at specific levels?
Mandatory access control
40
A security technician would like an application to use random salts to generate short-lived encryption keys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal?
Symmetric Encryption Keys
41
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night's integrity scan. Which of the following could the technician use to prepare the report? (Select TWO).
MD5 | HMAC
42
A breach at a credit card company resulted in customers’ credit card information being exposed. The company has conducted a full forensic investigation and identified the source of the breach. Which of the following should the company do NEXT?
Implement damage and loss control procedures
43
A security administrator discovered that all communication over the company’s encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employees’ credentials. Which of the following technologies is MOST likely in use on the company’s wireless network?
WEP 128-PSK
44
An administrator is implementing a new management system for the machinery on the company's production line. One requirement is that the system only be accessible while within the production facility. Which of the following will be the MOST effective solution in limiting access based on this requirement?
Access control list
45
Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?
Lack of controls in place to ensure that the devices have the latest system patches and signature files
46
Which of the following offerings typically allows the customer to apply operating system patches?
Infrastructure as a service
47
A thief has stolen a mobile device and removed its battery to circumvent GPS location tracking. The device uses a four-digit PIN. Which of the following is a mobile device security control that ensures the confidentiality of company data?
Full device encryption
48
The security administrator is analyzing a user's history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user's history log shows evidence that the user attempted to escape the rootjail?
cd ../../../../bin/bash
49
Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?
Place a guard at the entrance to approve access.
50
Anne, an employee, receives the following email:

From: Human Resources
To: Employee
Subject: Updated employee code of conduct

Please click on the following link: http//external.site.com/codeofconduct.exe to review the updated code of conduct at your earliest convenience.

After clicking the email link, her computer is compromised. Which of the following principles of social engineering was used to lure Anne into clicking the phishing link in the above email?
Familiarity
51
Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?
SAML
52
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?
IPv6
53
Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan?
False negative
54
A company used a partner company to develop critical components of an application. Several employees of the partner company have been arrested for cybercrime activities. Which of the following should be done to protect the interest of the company?
Perform a penetration test against the application
55
A recently installed application update caused a vital application to crash during the middle of the workday. The application remained down until a previous version could be reinstalled on the server, and this resulted in a significant loss of data and revenue. Which of the following could BEST prevent this issue from occurring again?
Application patch management
56
A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?
A CRL
57
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).
URL filtering | Firewall rules
58
Which of the following steps in incident response procedures entails a review of the incident and identification of knowledge gained that can be applied to future handling of incidents?
Lessons learned
59
Which of the following protocols operates at the HIGHEST level of the OSI model?
SCP
60
An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users’ home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select Two).
Enforcing SELinux in the OS kernel is mandatory access control | The policy added by the root user is rule-based access control
61
Which of the following documents outlines the technical and security requirements of an agreement between organizations?
ISA
62
Which of the following is a penetration testing method?
Calling the target’s helpdesk, requesting a password reset
63
Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?
Honeynet
64
When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?
Asymmetric
65
A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443 and 3389 are in listening state. No other ports are open. Which of the following services should be disabled to ensure secure communications?
HTTP
66
A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?
IPv6
67
After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with?
Ransomware
68
The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in. Which of the following are the MOST likely causes of this issue?
URL filtering | Firewall Rules
69
Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Joe need to use to BEST accomplish the objective?
His private key
70
Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?
LDAP
71
A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?
Change the encryption used so that the encryption protocol is CCMP-based.
72
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
Metrics
73
Which of the following should an administrator implement to research current attack methodologies?
Honeypot
74
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
Advanced persistent threat
75
Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
IV attack
76
Alice, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Alice's company?
Honeynet
77
A company is looking to improve its security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?
Lack of antivirus software
78
Which system should you implement if you want to create a file system access control model where you can label files as “Secret,” “Confidential,” “Restricted,” and “Unclassified”?
Trusted OS
79
Bob, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Bob had already been working for two hours before leaving the premises. A security technician was asked to prepare a report of files that had changed since last night’s integrity scan. Which of the following could the technician use to prepare the report? (Select TWO).
MD5 | HMAC
80
Which is the hardest to crack and requires both parties to exchange the encryption key before communicating?
One-time pads
81
Bob needs to send Sally a digitally signed and encrypted email. Which algorithms and keys are used to complete these actions?
Sally's public key to encrypt using 3DES, Bob's private key to sign using SHA
82
In order to digitally sign your emails with PGP, what needs to be created first?
A public and private key
83
If you need to look at a former employee’s email for a court case but the emails have been deleted, what should you take a look at?
Data retention policies
84
Which of the following can be used to ensure that sensitive records stored on a backend server can only be accessed by a front end server with the appropriate record key?
File encryption
85
In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
Authentication
86
In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?
SLE
87
A security technician is implementing PKI on a network. The technician wishes to reduce the amount of bandwidth used when verifying the validity of a certificate. Which of the following should the technician implement?
CRL
88
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
CCMP
89
A company wants to improve its overall security posture by deploying environmental controls in its datacenter. Which of the following is considered an environmental control that can be deployed to meet this goal?
Proximity readers
90
Ann, a security administrator, is strengthening the security controls of the company's campus. Her goal is to prevent people from accessing open locations that are not supervised, such as around the receiving dock. She is also concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance. Which of the following should Ann recommend that would BEST address her concerns?
Build fences around campus with gate entrances
91
A security administrator is responsible for ensuring that there are no unauthorized devices utilizing the corporate network. During a routine scan, the security administrator discovers an unauthorized device belonging to a user in the marketing department. The user is using an android phone in order to browse websites. Which of the following device attributes was used to determine that the device was unauthorized?
A MAC address
92
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch
93
A software security concern when dealing with hardware and devices that have embedded software or operating systems is:
The vendor may not have a method for installation of patches
94
Ann, a technician, received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following types of training would prevent Ann and other employees from becoming victims of such attacks?
Personal identifiable information
95
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
Install a digital certificate on the authentication server
96
A system administrator needs to implement 802.1x whereby when a user logs into the network the authentication server communicates with a switch and assigns the user to the proper VLAN. Which of the following protocols should be used?
RADIUS
97
Which of the following can be provided to an AAA system for the identification phase?
Username
98
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch
99
The Chief Information Security Officer is concerned that users could bring their personal laptops to work and plug them directly into the network ports under their desks. Which of the following should be configured on the network switch to prevent this from happening?
Port security
100
Recently, several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful?
Authority
101
Which of the following would enhance the security of accessing data stored in the cloud? (select two)
SAML authentication | Multifactor authentication
102
A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed?
Using magnetic fields to erase the data
103
Ann, a systems administrator, is installing an extremely critical system that can support zero downtime. Which of the following BEST describes the type of system Ann is installing?
High availability
104
An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?
Passive
105
An administrator needs to protect against downgrade attacks due to various vulnerabilities in SSL/TLS. Which of the following actions should be performed? (Select TWO)
Request a new certificate from the CA | Add the old certificate to the CRL
106
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
Install a digital certificate on the authentication server
107
The security manager must store a copy of a sensitive document and needs to verify at a later point in time that the document has not been altered. Which of the following will accomplish the security manager’s objective?
MD5
108
An organization currently employs signature-based NIPS and a firewall, though a recent penetration test demonstrated this existing implementation is insufficient. Which of the following represents the BEST approach to reduce risk?
Deploy technologies that will detect and stop deviations from normal
109
An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent?
Smurf
110
Which of the following can be used for both encryption and digital signatures?
RSA
111
A security technician would like to obscure sensitive data within a file so it can be transferred without causing suspicion. Which of the following technologies would be BEST suited to accomplish this?
Steganography
112
A security administrator is reviewing the following log from the company’s UTM, which is installed at the network perimeter:

PERMIT 172.165.143.5:80 192.168.2.6:1020 FIN
PERMIT 10.76.23.5:42331 192.168.1.4:80 SYN
PERMIT 192.168.1.4:80 10.76.23.5:42331 SYN/ACK
PERMIT 10.76.23.5:42331 192.168.1.4:80 ACK
DENY 10.100.34.5:1331 192.168.3.10:445 ACK
PERMIT 172.132.5.6:1432 192.168.3.2:80 SYN

Given the following additional information:

Guest Network: 192.168.1.0/24
User Network: 192.168.2.0/24
Server Network: 192.168.3.0/24

Which of the following should the security administrator recommend?
Block incoming traffic to the guest network
113
A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications, otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
Create a separate VLAN for the desktops
114
An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server. Which of the following will MOST likely fix the uploading issue for the users?
Set the Boolean SELinux value to allow FTP home directory uploads
115
The Chief Information Officer has asked a security analyst to determine the estimated costs associated with each potential breach of the database that contains customer information. Which of the following is the risk calculation the CIO is asking for?
SLE
116
An employer requires that employees use a key-generating app on their smart phones to log into corporate applications. In terms of authentication to the individual, this type of access policy is BEST defined as:
Something you have
117
A project manager is working with an architectural firm that focuses on physical security. The project manager would like to provide requirements that support the primary goal of safety. Based on the project manager’s desires, which of the following controls would be BEST to incorporate into the facility design?
Escape routes
118
A small company has recently purchased cell phones for managers to use while working outside of the office. The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company’s requirements?
Screen lock
119
Which of the following attack types is being carried out when a target is being sent unsolicited messages via Bluetooth?
Bluejacking
120
When analyzing the behavior of a malicious piece of software, which of the following environments should be used?
Sandbox
121
An employee needs to connect to a server using a secure protocol on the default port. Which of the following ports should be used?
22
122
Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?
Virtualization
123
Which of the following would an attacker use to generate and capture additional traffic prior to performing an IV attack?
Dictionary attack
124
A company executive’s laptop was compromised leading to a security breach. The laptop was placed into storage by a junior system administrator and was subsequently wiped and reimaged. When it was determined that the authorities would need to be involved, there was little evidence to present to the investigators. Which of the following procedures should have been implemented to aid the authorities in their investigation?
A system image should have been created and stored
125
An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?
Yagi
126
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
$5,000
127
The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs associated with each potential breach of their database that contains customer information. Which of the following is the risk calculation that the CIO is asking for?
SLE
128
A system administrator wants to confidentially send a user name and password list to an individual outside the company without the information being detected by security controls. Which of the following would BEST meet this security goal?
Steganography
129
Which of the following provides the strongest authentication security on a wireless network?
WPA2
130
A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack?
Configure flood guards on the switch
131
An administrator has to determine host operating systems on the network and has deployed a transparent proxy. Which of the following fingerprint types would this solution use?
Passive
132
Which of the following ports is used for TELNET by default?
23
133
Which of the following can be used to ensure that sensitive records stored on a backend server can only be accessed by a front end server with the appropriate record key?
File encryption
134
A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the following authentication services is being used?
LDAP
135
Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?
SAML
136
Which of the following is an authentication method that can be secured by using SSL?
LDAP
137
Ann, a member of the Sales Department, has been issued a company-owned laptop for use when traveling to remote sites. Which of the following would be MOST appropriate when configuring security on her laptop?
Configure the laptop with a BIOS password
138
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
Continuous security monitoring process
139
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator's request?
DMZ
140
Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?
VSAN
141
A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?
802.1x
142
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
CCMP
143
Which of the following is the BEST concept to maintain required but non-critical server availability?
Warm site
144
Virtualization would provide an ROI when implemented under which of the following situations?
Multiple existing but underutilized physical servers
145
Which of the following remote authentication methods uses a reliable transport layer protocol for communication?
TACACS+
146
An administrator wants to restrict traffic between two VLANs. The network devices connecting the two VLANs are layer 3 switches. Which of the following should the admin configure?
ACL
147
A security architect is choosing a cryptographic suite for the TLS 1.2 configuration for a new web-based financial management application that will be used heavily by mobile devices. Which of the following would be the architect's MOST secure selection for both key exchange and the session key algorithms? (Select Two)
3DES | ECDHE
148
A security administrator creates separate VLANs for employee devices and HVAC equipment that is network attached. Which of the following are security reasons for this design? (Select Three)
Broadcasts from HVAC equipment will be confined to their own network segment | HVAC equipment can be isolated from compromised employee workstations | Access to and from the HVAC equipment can be more easily controlled
149
A security administrator is reviewing the password security configuration of a company’s directory service domain. The administrator recognizes that the domain controller has been configured to store LM hashes. Which of the following explains why the domain controller might be configured like this? (Select TWO)
Default configuration | Backward compatibility
150
A finance manager is responsible for approving wire transfers and processing the transfers using the software provided by the company’s bank. A number of discrepancies have been found related to the wires in a recent financial audit, and the wires appear to be fraudulent. Which of the following controls should be implemented to reduce the likelihood of fraud related to the use of wire transfers?
Separation of duties
151
The security manager has learned a user inadvertently sent encrypted PII to an incorrect distribution group. The manager has instructed the user to immediately recall the message. Recipients are instructed to delete the email from all queues and devices. This is an example of which of the following incident response procedures?
Mitigation
152
Joe, a system administrator, configured a device to block network traffic from entering the network. The configuration consisted of zero-day exploit awareness at the application layer of the OSI model. The exploit signatures have been seen on the internet daily. Which of the following does this describe?
NIPS
153
An organization is developing a plan to ensure an earthquake at a datacenter does not disrupt business. The organization has identified all the critical applications within the datacenter, determining the financial loss of an outage of different duration for each application. This effort is known as a
Disaster recovery
154
From a network security point of view, the primary reason to implement VLANs is to
Provide network segmentation
155
A network administrator is configuring a web server to ensure the use of only strong ciphers. Which of the following stream ciphers should the administrator configure?
RC4
156
An engineer is designing a system that needs the fastest encryption possible due to system requirements. Which of the following should the engineer use?
RSA-1024
157
An organization’s security policy requires secure file transfers to and from internal hosts. An employee is attempting to upload a file using an unsecured method to a Linux-based dedicated file server and fails. Which of the following should the employee use to transfer the file?
SCP
158
A security administrator suspects that a server has been compromised with zero-day malware, and that it is now being used to host various copyrighted material, which is being shared through an IRC network. Which of the following should the system administrator use to determine if the server has been compromised?
Baseline
159
Which of the following BEST describes the benefits of using Extended Validation?
The website provider demonstrates an additional level of trust
160
Which of the following is susceptible to an attack that can obtain the wireless password by brute-forcing a 4-digit PIN followed by a 3-digit PIN?
WPS
161
A server administrator is investigating a breach and determines an attacker modified the application log to obscure the attack vector. During the lessons learned activity, the facilitator asks for a mitigation response to protect the integrity of the logs should a similar attack occur. Which of the following mitigations would be MOST appropriate to fulfill the requirement?
Enterprise SIEM
162
In order to comply with new auditing standards, a security administrator must be able to complete system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
Elimination of shared accounts
163
On a campus network, users frequently remove the network cable from desktop NIC’s and plug personal laptops into the school network. Which of the following could be used to reduce the likelihood of unauthorized laptops on the campus network?
Port security
164
An employee is using company time and assets to use a third party tool to share downloadable media with other users around the world. Sharing downloadable media is not expressly forbidden in the company security policy or acceptable use policy. Which of the following BEST describes what the security staff should consider adding to these policies?
P2P
165
The network administrator wants to assign VLANs based on which user is logging into the network. Which of the following should the administrator use to accomplish this? (Select Two)
MAC filtering | 802.1x
166
An application is performing slowly. Management asks the security team to determine if a security compromise is the underlying cause. The security team finds two processes with high resource utilization. Which of the following actions should the team take NEXT?
Conduct a baseline comparison
167
A company implemented a public-facing authentication system that uses PKI and extended attributes to allow third-party, web-based application integration. This is an example of which of the following? (Select Three)
Federation | Two-factor authentication | Single sign-on
168
An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website but instead connects to an attacker who is performing a MITM attack. Which of the following should the employee do to mitigate the vulnerability described in the scenario?
Connect to a VPN when using public wireless networks
169
Joe, a security administrator, recently configured a method of secure access for remote administration of network devices. When he attempts to connect to an access layer switch in the organization from outside the network he is unable to successfully connect. Which of the following ports should be open on the firewall for Joe to successfully connect to the switch?
TCP 161
170
Which of the following is a suitable method of checking for revoked certificates in a client/server environment with connectivity to the issuing PKI?
CRL
171
During an audit of a software development organization, an auditor finds the organization did not properly follow industry best practices, including peer review and board approval, prior to moving applications into the production environment. The auditor recommends adopting a formal process incorporating these steps. To remediate the finding, the organization implements
Change management
172
Two companies are partnering to bid on a contract. Normally these companies are fierce competitors, but for this procurement they have determined that a partnership is the only way they can win the job. Both companies are concerned about unauthorized data sharing and want to ensure other divisions within each company will not have access to proprietary data. To best protect against unauthorized data sharing they should each sign a
BPA
173
A recent network audit revealed several devices on the internal network were not running antivirus or HIPS. Upon further investigation, it was discovered that these devices were new laptops that were deployed without installing the end-point protection suite used by the company. Which of the following could be used to mitigate the risk of authorized devices that are unprotected residing on the network?
MAC filtering
174
Ann is attempting to send a digitally signed message to Joe. Which of the following should Ann do?
Encrypt a certificate signing request with her private key
175
Which of the following would provide you with a measure of the frequency at which critical business systems experience breakdowns?
MTBF
176
Which of the following should be used to secure data-in-use?
Full memory encryption
177
Which of the following provides a safe, contained environment in which to enforce physical security?
Virtualized sandbox
178
A local coffee shop provides guests with wireless access but disabled the SSID broadcast for security purposes. When guests make a purchase, they are provided with the SSID to the router. A new customer’s laptop shows the coffee shop’s SSID appears to be broadcasting despite the fact that the wireless router configuration shows the broadcast is disabled. Which of the following situations is likely occurring?
A user has set up an evil twin access point near the coffee shop
179
A security technician notices that several successful attacks are being carried out on the network. The Chief Information Security Officer tells the technician to deploy countermeasures that will help actively stop these ongoing attacks. Which of the following technologies will accomplish this task?
A network-based IPS with advanced heuristic capability
180
Ann, a security administrator, is hardening the user password policies. She currently has the following in place: passwords expire every 60 days, password length is at least eight characters, and passwords must contain at least one capital letter and one numeric character. She learns that several employees are still using their original passwords after the 60-day forced change. Which of the following can she implement to BEST mitigate this?
Create a rule that users can only change their passwords once every two weeks
181
The administrator set up a new WPA2 Enterprise wireless network using EAP-TLS for authentication. The administrator configured the RADIUS servers with certificates that are trusted by the endpoint devices and rules to authenticate a particular group of users. The administrator is part of the group that is authorized to connect but is unable to connect successfully during the first test of the network. Which of the following is the MOST likely cause of the issue?
Client certificates were not deployed
182
A company has an email server dedicated to only outbound email, inbound email retrieval to this server must be blocked. Which of the following ports must be set to explicit deny?
110 | 143
183
A PKI architect is implementing a corporate enterprise solution. The solution will incorporate key escrow and recovery agents, as well as a tiered architecture. Which of the following is required to implement the architecture correctly?
Intermediate authorities
184
The Chief Information Security Officer wants to move the web server from the public network because it has been breached a number of times in the past month. The CISO does not want to place it in the private network since many external users access the web server to fill out their orders. The company policy does not allow any non-secure protocols into the internal network. Given the circumstances, which of the following would be the BEST course of action?
Use NAT on the web server
185
A security auditor has full knowledge of company configuration and equipment. The auditor performed a test on the network, resulting in an exploitation of a zero-day vulnerability. Which of the following did the security auditor perform?
Penetration test
186
Which of the following authentication services is BEST suited for an environment that requires the TCP protocol with a clear-text payload?
TACACS+
187
A security administrator receives a hard drive that must be imaged for forensics analysis. The paperwork that comes with the hard drive shows: 10:00, Technician A: hard drive removed; 10:30, Technician A: hard drive delivered to Manager A; 11:00, IT Director: hard drive delivered to the security administrator. Which of the following should the security administrator do?
Report a problem with the chain of custody log
188
The network administrator is installing RS-485 terminal servers to provide card readers to vending machines. Which of the following should be performed to protect the terminal servers?
Network separation
189
An attacker drives past a company, captures the name of the WiFi network, and locates a coffee shop near the company. The attacker creates a mobile hotspot with the same name as the company’s WiFi. Which of the following BEST describes this wireless attack?
Evil twin
190
Which of the following MUST be implemented to ensure accountability?
Disable shared accounts
191
Which of the following attack types is MOST likely to cause damage or data loss for an organization and be difficult to investigate?
DDoS
192
The remote branch of an organization has been assigned two public IP addresses by an ISP. The organization has ten workstations and a wireless router. Which of the following should be deployed to ensure that all devices have internet access?
PAT
193
A security administrator wishes to perform authentication, authorization, and accounting, but does not wish to use a proprietary protocol. Which of the following services would fulfill these requirements?
TACACS+
194
Which of the following is the FASTEST method to disclose one way hashed passwords?
Rainbow tables
195
A network has been impacted by downtime resulting from unauthorized devices connecting directly to the wired network. The network administrator has been tasked to research and evaluate technical controls that would effectively mitigate risks associated with such devices. Which of the following capabilities would be MOST suitable for implementation in this scenario?
Port Security
196
A company is providing mobile devices to all employees. The system administrator has been tasked with providing input for the company’s mobile device policy. Which of the following are valid security concepts that the system administrator should include when offering feedback to management? (Select Two)
Asset tracking | Remote wiping
197
A forensics analyst is asked to identify identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is known to have the lowest collision rate. Which of the following should be selected?
SHA-128
198
John wants to secure an 802.11n network. Which of the following encryption methods would provide the highest level of protection?
WPA2 with AES
199
Which of the following is the MOST influential concern that contributes to an organization’s ability to extend enterprise policies to mobile devices?
Support of mobile OS
200
An application service provider has notified customers of a breach resulting from improper configuration changes. In the incident, a server intended for internal access only was made accessible to external parties. Which of the following configurations were likely to have been improperly modified resulting in the breach?
NAT
201
Which of the following is commonly done as part of a vulnerability scan?
Identifying unpatched workstations
202
A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack?
Access to DLLs from the Windows registry should be disabled
203
A systems administrator is attempting to recover from a catastrophic failure in the datacenter. To recover the domain controller, the systems administrator needs to provide the domain administrator credentials. Which of the following account types is the systems administrator using?
Service account
204
Which of the following types of embedded systems is required in manufacturing environments with life safety requirements?
ICS
205
Users from two organizations, each with its own PKI, need to begin working together on a joint project. Which of the following would allow the users of the separate PKIs to work together without connection errors?
Trust model
206
A systems administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?
WPA using a preshared key
207
A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?
Hot site
208
An organization is expanding its network team. Currently, it has local accounts on all network devices, but with growth, it wants to move to centrally managed authentication. Which of the following are the BEST solutions for the organization? (Select TWO)
LDAP | RADIUS
209
Which of the following threat actors is MOST likely to steal a company’s proprietary information to gain a market edge and reduce time to market?
Competitor
210
A security analyst is reviewing an assessment report that includes software versions, running services, supported encryption algorithms, and permission settings. Which of the following produced the report?
Protocol analyzer
211
The computer resource center issued smart-phones to all first-level and above managers. The managers have the ability to install mobile tools. Which of the following tools should be implemented to control the types of tools the managers install?
Application manager
212
A security administrator has written a script that will automatically upload binary and text-based configuration files onto a remote server using a scheduled task. The configuration files contain sensitive information. Which of the following should the administrator use? (Select TWO)
SRTP | SNMPv3
213
A security analyst is conducting a web application vulnerability scan against the company website. Which of the following is considered an intrusive scan?
Time-delay port scanning
214
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?
Accounting
215
Which of the following BEST describes a network-based attack that can allow an attacker to take full control of a vulnerable host?
Man-in-the-middle
216
Which of the following is used to validate the integrity of data?
MD5
217
Which of the following solutions should an administrator use to reduce the risk from an unknown vulnerability in a third-party software application?
Sandboxing
218
An active/passive configuration has an impact on:
Availability
219
A home invasion occurred recently in which an intruder compromised a home network and accessed a WiFi-enabled baby monitor while the baby’s parents were sleeping. Which of the following BEST describes how the intruder accessed the monitor?
Default configurations
220
An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router?
WPA2+TKIP
221
A security administrator installed a new network scanner that identifies new host systems on the network. Which of the following did the security administrator install?
Rogue system detection
222
A security technician has been receiving alerts from several servers that indicate load balancers have had a significant increase in traffic. The technician initiates a system scan. The scan results illustrate that the disk space on several servers has reached capacity. The scan also indicates that incoming internet traffic to the servers has increased. Which of the following is the MOST likely cause of the decreased disk space?
Unauthorized software
223
To help prevent one job role from having sufficient access to create, modify, and approve payroll data, which of the following practices should be employed?
Least privilege
224
An analyst receives an alert from the SIEM showing an IP address that does not belong to the assigned network can be seen sending packets to the wrong gateway. Which of the following network devices is misconfigured and which of the following should be done to remediate the issue?
Firewall, implement an ACL on the interface
225
A Chief Information Officer asks the company’s security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for the server is 5 and the annual cost for the malware protection is $2500. Which of the following SLE values warrants a recommendation against purchasing the malware protection?
$500
226
Which of the following uses precomputed hashes to guess passwords?
Rainbow tables
227
Which of the following attack types BEST describes a client-side attack that is used to manipulate an HTML iframe with JavaScript code via a web browser?
XSS
228
A security administrator receives an alert from a third-party vendor that indicates a certificate that was installed in the browser has been hijacked at the root of a small public CA. The security administrator knows there are at least four different browsers in use on more than a thousand computers in the domain worldwide. Which of the following solutions would be BEST for the security administrator to implement to most efficiently assist with this issue?
CRL
229
Which of the following should be used to create a hash of a source code file that can be used to ensure the file was not altered during transmission?
MD5
230
In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision?
The scanner must be able to audit file system permissions
231
A company was recently audited by a third party. The audit revealed the company’s network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
SCP
232
A security analyst is investigating a potential breach. Upon gathering, documenting, and securing the evidence, which of the following actions is the NEXT step to minimize the business impact?
Launch an investigation to identify the attacking host
233
A recent internal audit is forcing a company to review each internal business unit’s VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists?
System sprawl