SEC+ Revision Questions Security Assessments and Audits

Question 1

As part of your security audit you would like to see what type of network traffic is being transmitted on the network. Which type of tool should you use?
A. Protocol analyser
B. Port scanner
C. Vulnerability scanner
D. Password cracker

Answer 1

A. Protocol analyser

Question 2

A network consists of 250 computers. You must determine which machines are secure and which are not. Which type of tool should you use?
A. Protocol analyser
B. Port scanner
C. Vulnerability scanner
D. Password cracker

Answer 2

C. Vulnerability scanner

Question 3

You would like to focus and track malicious activity to a particular host in your DMZ. What should you configure?
A. Honeynet
B. Honeypot
C. DMZ tracker
D. Web server

Answer 3

B. Honeypot

Question 4

Which of the following would you employ to determine which TCP and UDP ports on a host are open?
A. Vulnerability scanner
B. Packet sniffer
C. Performance Monitor
D. Port scanner

Answer 4

D. Port scanner

Question 5

Which procedure identifies assets, threats, and risks and also determines methods to minimize the impact of these threats?
A. Risk analysis
B. Vulnerability assessment
C. Port scanning
D. Network mapper

Answer 5

A. Risk analysis

Question 6

A technician must identify deviations from normal network activity. Which task must she first perform?
A. Trend analysis
B. Baseline analysis
C. Performance monitoring
D. Risk analysis

Answer 6

B. Baseline analysis

Question 7

A developer analyses source code to ensure there are no errors or potential security risks. Which term best identifies this activity?
A. Risk assessment
B. Patch management
C. Debugging
D. Code review

Answer 7

D. Code review

Question 8

A Windows computer has not been patched nor have the unnecessary services been disabled. Which of the following statements is true regarding security?
A. The computer will perform faster.
B. The computer has a large attack surface.
C. The computer has a small attack surface.
D. The computer will perform slower.

Answer 8

B. The computer has a large attack surface.

Question 9

A network security auditor simulates various network attacks against a corporate network. Which term best defines this procedure?
A. Vulnerability analysis
B. Network mapping
C. Penetration testing
D. Risk assessment

Answer 9

C. Penetration testing

Question 10

Your manager asks you to configure a collection of purposely vulnerable hosts in a DMZ for the purpose of tracking hacking attempts. What term best describes what you are configuring?
A. Honeynet
B. Honeypot
C. Firewall
D. Proxy server

Answer 10

A. Honeynet

Question 11

You run a vulnerability scan on subnet 192.168.1.0/24. The results state TCP ports 135 through 139 are open on most hosts. What does this refer to?
A. File and Print Sharing
B. Web server
C. Mail server
D. Remote Desktop Protocol

Answer 11

A. File and Print Sharing

Question 12

You are a network consultant in charge of creating a wireless network infrastructure for a hotel. Toward the end of the implementation your team evaluates the project to ensure it meets the original stated requirements. What is this called?
A. Penetration testing
B. Risk assessment
C. Design review
D. Code review

Answer 12

C. Design review

Question 13

After careful log examination you realize somebody has hacked into your WEP-secured home wireless network. What can you do to further secure wireless traffic?
A. Use WPA2 Enterprise
B. Use WPA2 PSK
C. Disable SSID broadcasting
D. Change the SSID name

Answer 13

B. Use WPA2 PSK

Question 14

What should be done to ensure your network security is effective?
A. Patch all operating systems
B. Update the BIOS on all systems
C. Periodically test network security controls
D. Upgrade to the latest version of Microsoft Office

Answer 14

C. Periodically test network security controls

Question 15

15. Which of the following is considered passive security testing?
    A. Capturing network traffic
    B. Brute-force password attack
    C. Dictionary-based disk decryption
    D. OS fingerprinting

Answer 15

A. Capturing network traffic

Question 16

From the following list, identify the security misconfiguration:
A. A domain administrative account is used as a service account.
B. An Active Directory account is used as a service account.
C. Windows stations receive updates from a WSUS server instead of the Internet.
D. The Windows Guest account is disabled.

Answer 16

A. A domain administrative account is used as a service account.

Question 17

A security auditing team has been hired to conduct network penetration tests against a network. The team has not been given any data related to the network or its layout. What type of testing will the team perform?
A. Black box
B. White box
C. Gray box
D. Blue box

Answer 17

A. Black box

Question 18

You are having trouble pinging host 192.168.17.45; there are no replies. One of your users must use the Remote Desktop Protocol (RDP) against the host to run an application. You cannot test RDP for the user because you are currently logged on locally to a Linux server with only a command line. What can you use to quickly determine whether RDP is running on 192.168.17.45?
A. Packet sniffer
B. Virus scanner
C. Wireless scanner
D. Port scanner

Answer 18

D. Port scanner

Question 19

After conducting a security audit, you inform the network owner that you discovered two unencrypted wireless networks. Your client asks how to best secure wireless traffic. Which of the following is the most secure wireless network encryption?
A. WEP
B. WPA
C. WPA2
D. WPA3

Answer 19

C. WPA2

Question 20

A security auditor must determine what types of servers are running on a network. Which type of tool should be used?
A. Network mapper
B. Protocol analyser
C. Port scanner
D. Virus scanner

Answer 20

A. Network mapper

Question 21

A security auditor discovers open wireless networks. She must recommend a secure solution. Which of the following is the most secure wireless solution?
A. 802.1x
B. WEP
C. WPA PSK
D. Disable SSID broadcast

Answer 21

A. 802.1x

Question 22

Which of the following would not be considered during a security audit?
A. Locked server rooms
B. Wireless encryption in use
C. Patch status of all hosts
D. Price of server licensing

Answer 22

D. Price of server licensing

Question 23

While auditing a Windows Active Directory environment, you discover that administrative accounts do not have configured account lockout policies. Which of the following are security concerns? (Choose two.)
A. If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.
B. If account lockout is not enabled, administrative accounts could be subjected to password attacks.
C. If account lockout is enabled, administrative accounts could be subjected to password attacks.
D. If account lockout is not enabled, administrative accounts could be locked out as a result of repeated password attempts.

Answer 23

A. If account lockout is enabled, administrative accounts could be locked out as a result of repeated password attempts.
&
B. If account lockout is not enabled, administrative accounts could be subjected to password attacks.

Question 24

Which type of security testing provides network configuration information to testers?
A. White box
B. Black box
C. Gray box
D. Blue box

Answer 24

A. White box

Question 25

Which type of tool scans for known security threats on a group of computers? A. Packet sniffer B. Vulnerability scanner C. Risk scanner D. Port scanner

Answer 25

B. Vulnerability scanner

Question 26

You would like an unused host to log zero-day exploit activity. What should you configure? A. Patch server B. Honeynet C. Honeypot D. Virus scanner

Answer 26

C. Honeypot

Question 27

A large wireless network currently uses WPA PSK. As part of your network audit findings, you recommend a centralized wireless authentication option. What should you recommend? A. RADIUS B. WEP C. WPA2 PSK D. TKIP

Answer 27

A. RADIUS

Question 28

You are performing a network penetration test for a client. From a command prompt you issue the command telnet smtp1.acme.com 25 to see what information is returned. Which term refers to what you have done? A. Denial of service B. Port scan C. Banner grab D. Mail grab

Answer 28

C. Banner grab

Question 29

Your company hired a consultant to implement a secure VPN solution using PKI certificates and smartcard authentication. Mark, your boss, has asked you to evaluate the implementation to ensure that the solution addresses the original need. Which term best describes what you will be doing? A. Design review B. Application security architecture review C. VPN review D. Network review

Answer 29

A. Design review

Question 30

Tribbles Inc. recently hired a security consulting firm to perform a security audit of its network at its Vulcan, Alberta, location. An excerpt of the audit findings is listed here: Date: March 6, 2013 4:53am EST Task performed: Network vulnerability scan Performed by: Lennard Kneemoy IP Subnet: 14.65.0.0 / 16 Credential used: Tribbles\Administrator Results: We were able to connect to most hosts without specifying a password. Recommendation: Harden network hosts. What is wrong with the audit findings? A. The subnet mask is incorrect. B. The IP address range is incorrect. C. The consultant ran a noncredentialed scan. D. The consultant ran a credentialed scan.

Answer 30

D. The consultant ran a credentialed scan.

Question 31

A user complains that legitimate e-mail messages from some customers are incorrectly flagged as spam by the corporate mail server. How might you explain what is happening to your user? A. The e-mail messages in question are generating false positives. B. The false positives are generating e-mail messages. C. The e-mail message in question are generating false negatives. D. The false negatives are generating e-mail messages.

Answer 31

A. The e-mail messages in question are generating false positives.

Question 32

Acme Inc. uses the 199.126.129.0/24 network address range in its DMZ. You are configuring the firewall separating the DMZ from the private network so that traffic from DMZ hosts is allowed into the private network. You issue the command router(config)#access-list 45 permit 192.168.1.0 0.0.0.255. What is the problem with this configuration? A. Access-list 55 must be used. B. 192.168.1.0 is a reserved private network address. C. The subnet mask in the router command is incorrect. D. The router needs to be rebooted.

Answer 32

B. 192.168.1.0 is a reserved private network address.

Question 33

Employee laptops must be secured when employees travel for business purposes. What can you do to harden user laptops? A. Set a CMOS password. B. Configure disk mirroring. C. Generate file hashes for all hard disk files. D. Enable verbose logging.

Answer 33

A. Set a CMOS password.

Question 34

When is baseline reporting useful? A. When conducting a penetration test B. When hardening DNS servers C. When hardening HTTPS servers D. When comparing normal activity with current activity

Answer 34

D. When comparing normal activity with current activity

Question 35

Why are penetration tests sometimes not recommended? A. They can identify security threats. B. They could degrade network performance. C. They could generate too much logging data. D. They are expensive.

Answer 35

B. They could degrade network performance.