SECnew1 Flashcards

1
Q

Actively monitoring data streams in search of malicious code or behavior is an example of:

A

content inspection

2
Q

Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?

A

NIDS

3
Q

The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which of the following is the MOST likely cause?

A

NIPS is blocking activities from those specific websites

4
Q

Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?

A

Protocol analyzer

5
Q

Which of the following can a security administrator implement to help identify smurf attacks?

A

NIDS

6
Q

Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer? (Select TWO).

A

MAC filtering & Disabled SSID broadcast

7
Q

Which of the following functions is MOST likely performed by a web security gateway?

A

Content filtering

8
Q

Which of the following devices is often used to cache and filter content?

A

Proxies

9
Q

In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).

A

Firewall & VPN

10
Q

Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?

A

Load Balancer

11
Q

An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?

A

VPN Concentrator

12
Q

Which of the following should be installed to prevent employees from receiving unsolicited emails?

A

Spam Filters

13
Q

Which of the following should a security administrator implement to prevent users from disrupting network connectivity, if a user connects both ends of a network cable to different switch ports?

A

Loop protection

14
Q

A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?

A

ACLs

15
Q

Which of the following BEST describes the proper method and reason to implement port security?

A

Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.

16
Q

Which of the following would need to be configured correctly to allow remote access to the network?

A

ACLs

17
Q

By default, which of the following stops network traffic when the traffic is not identified in the firewall ruleset?

A

Implicit deny

18
Q

Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider’s lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?

A

MAC address

19
Q

Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction, is an implementation of which of the following?

A

Firewall rules

20
Q

Which of the following is the default rule found in a corporate firewall’s access control list?

A

Deny all

21
Q

Which of the following is BEST used to prevent ARP poisoning attacks across a network?

A

VLAN segregation

22
Q

A small company needs to invest in a new expensive database. The company’s budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional personnel and minimize the footprint in their current datacenter?

A

Software as a Service

23
Q

Which of the following is MOST likely to be the last rule contained on any firewall?

A

Implicit deny

24
Q

Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?

A

Platform as a Service

25
Q

MAC filtering is a form of which of the following?

A

Network Access Control

26
Q

Reviewing an access control list on a firewall reveals a Drop All statement at the end of the rules. Which of the following describes this form of access control?

A

Implicit deny

27
Q

An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?

A

Virtual servers have the same information security requirements as physical servers

28
Q

Webmail is classified under which of the following cloud-based technologies?

A

Software as a Service (SaaS)

29
Q

A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?

A

The server is missing the default gateway

30
Q

Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?

A

The user’s PC is missing the authentication agent

31
Q

Which of the following would be implemented to allow access to services while segmenting access to the internal network?

A

DMZ

32
Q

A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?

A

VLAN

33
Q

Which of the following is a security control that is lost when using cloud computing?

A

Physical control of the data

34
Q

Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?

A

ICMP

35
Q

Which of the following uses TCP port 22 by default?

A

SSH, SCP, and SFTP

36
Q

Which of the following allows a security administrator to set device traps?

A

SNMP

37
Q

A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?

A

IPSec

38
Q

Which of the following protocols would be the MOST secure method to transfer files from a host machine?

A

SFTP

39
Q

Which of the following port numbers is used for SCP, by default?

A

22

40
Q

Which of the following is the MOST secure method of utilizing FTP?

A

FTPS

41
Q

Which of the following protocols can be implemented to monitor network devices?

A

SNMP

42
Q

Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?

A

SNMP

43
Q

A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives no reply; however, the technician is able to telnet to that router. Which of the following is the MOST likely cause of the security administrator being unable to ping the router?

A

The remote router has ICMP blocked.

44
Q

A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purpose?

A

IPv6

45
Q

In which of the following locations would a forensic analyst look to find a hooked process?

A

BIOS

46
Q

Which of the following file transfer protocols is an extension of SSH?

A

SFTP

47
Q

Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?

A

SSH

48
Q

The security administrator notices a number of TCP connections from the development department to the test network segregation. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likely occurring?

A

The development team is transferring data to test systems using SFTP and SCP

49
Q

An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?

A

1433

50
Q

If a security administrator wants to TELNET into a router to make configuration changes, which of the following ports would need to be open by default?

A

23

51
Q

Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?

A

25

52
Q

A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

A

Block port 23 on the network firewall

53
Q

Which of the following are the default ports for HTTP and HTTPS protocols? (Select TWO).

A

80 & 445

54
Q

In an 802.11n network, which of the following provides the MOST secure method of both encryption and authorization?

A

WPA Enterprise

55
Q

Isolation mode on an AP provides which of the following functionality types?

A

Segmentation of each wireless user from other wireless users

56
Q

Which of the following is the BEST choice for encryption on a wireless network?

A

WPA2-PSK

57
Q

A user reports that their 802.11n-capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth-enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?

A

The new access point was mis-configured and is interfering with another nearby access point

58
Q

Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?

A

Power levels

59
Q

Which of the following protocols requires the use of a CA based authentication process?

A

PEAP-TLS

60
Q

When configuring multiple computers for RDP on the same wireless router, it may be necessary to do which of the following?

A

Forward to different RDP listening ports

61
Q

A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?

A

Decrease the power levels on the WAP

62
Q

Which of the following will provide the HIGHEST level of wireless network security?

A

WPA2

63
Q

Which of the following facilitates computing for heavily utilized systems and networks?

A

Provider cloud

64
Q

Risk can be managed in the following ways EXCEPT:

A

elimination

65
Q

A company that purchases insurance to reduce risk is an example of which of the following?

A

Risk transference

66
Q

Which of the following is a best practice to identify fraud from an employee in a sensitive position?

A

Mandatory vacations

67
Q

A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?

A

Mandatory vacations

68
Q

Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security-related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?

A

Least Privilege

69
Q

A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?

A

Privacy policy

70
Q

An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?

A

Change Management System

71
Q

Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives. Additionally, which of the following can the administrator implement to reduce the risk of data leakage?

A

Enact a policy banning users from bringing in personal music devices

72
Q

Performing routine security audits is a form of which of the following controls?

A

Detective

73
Q

Which of the following is MOST commonly a part of routine system audits?

A

User rights and permissions reviews

74
Q

Which of the following is a method to prevent ad-hoc configuration mistakes?

A

Implement a change management strategy

75
Q

Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?

A

User rights

76
Q

A security administrator finished taking a forensic image of a computer’s memory. Which of the following should the administrator do to ensure image integrity?

A

Run the image through SHA256

77
Q

Which of the following BEST explains the security benefit of a standardized server image?

A

Mandated security configurations have been made to the operating system

78
Q

Which of the following describes when forensic hashing should occur on a drive?

A

Before and after the imaging process and then hash the forensic image

79
Q

Which of the following assists in identifying if a system was properly handled during transport?

A

Chain of custody

80
Q

Which of the following describes the purpose of chain of custody as applied to forensic image retention?

A

To provide documentation as to who has handled the evidence

81
Q

Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?

A

Clean desk policy

82
Q

Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?

A

Phishing techniques

83
Q

Which of the following is a reason to perform user awareness and training?

A

To minimize the organizational risk posed by users

84
Q

Used in conjunction, which of the following are PII? (Select TWO).

A

Birthday & Full name

85
Q

Ongoing annual security awareness training should be coupled with:

A

signing of a user agreement

86
Q

Which of the following risks may result from improper use of social networking and P2P software?

A

Information disclosure

87
Q

Which of the following is the MAIN reason to require data labeling?

A

To ensure that staff understands what data they are handling and processing

88
Q

DRPs should contain which of the following?

A

Hierarchical list of critical systems

89
Q

Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?

A

Business impact analysis

90
Q

A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?

A

White box

91
Q

Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?

A

Hot and cold aisles

92
Q

Which of the following environmental variables reduces the potential for static discharges?

A

Humidity

93
Q

Which of the following should be considered when trying to prevent somebody from capturing network traffic?

A

EMI shielding

94
Q

With which of the following is RAID MOST concerned?

A

Availability

95
Q

Which of the following reduces the likelihood of a single point of failure when a server fails?

A

Clustering

96
Q

Which of the following is the BEST way to secure data for the purpose of retention?

A

Off-site backup

97
Q

A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability? (Select TWO).

A

Hardware RAID 5 & Software RAID 1

98
Q

A security administrator is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensure is in place for a cold site?

A

Location that meets power and connectivity requirements

99
Q

A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?

A

Fault tolerance

100
Q

In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in the case of a disaster?

A

Having the offsite location of tapes also be the hot site

101
Q

Which of the following concepts ensures that the data is only viewable to authorized users?

A

Confidentiality

102
Q

A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select TWO).

A

Confidentiality & Availability

103
Q

A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?

A

Integrity

104
Q

A user downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

A

Trojan

105
Q

While browsing the Internet, an administrator notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which of the following BEST describes what has occurred?

A

The PC has become part of a botnet.

106
Q

Which of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).

A

Pharming & Logic bomb

107
Q

Which of the following is the primary difference between a virus and a worm?

A

A worm is self-replicating

108
Q

Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off, which of the following data types will be unavailable for later investigation?

A

Memory, network processes, and system processes

109
Q

Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?

A

Rootkit

110
Q

Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?

A

Botnet

111
Q

Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?

A

Trojans

112
Q

A system administrator could have a user level account and an administrator account to prevent:

A

escalation of privileges

113
Q

When examining HTTP server logs the security administrator notices that the company’s online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?

A

DoS

114
Q

Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?

A

ARP poisoning

115
Q

Which of the following threats corresponds with an attacker targeting specific employees of a company?

A

Spear phishing

116
Q

A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank’s privacy policy, security policy and requests that the user clearly state their name, birthday and enter the banking details to validate the user’s identity. Which of the following BEST describes this type of attack?

A

Vishing

117
Q

Which of the following is a technique designed to obtain information from a specific person?

A

Spear phishing

118
Q

Which of the following is another name for a malicious attacker?

A

Black hat

119
Q

Which of the following logical controls does a flood guard protect against?

A

SYN attacks

120
Q

Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?

A

Man-in-the-middle

121
Q

A targeted email attack sent to the company’s Chief Executive Officer (CEO) is known as which of the following?

A

Whaling

122
Q

The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).

A

Dumpster diving & Shoulder surfing

123
Q

Which of the following security threats does shredding mitigate?

A

Dumpster diving

124
Q

Which of the following attacks would password masking help mitigate?

A

Shoulder surfing

125
Q

Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?

A

Tailgating

126
Q

Which of the following is specific to a buffer overflow attack?

A

Initial vector

127
Q

Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network?

A

Evil twin

128
Q

Data can potentially be stolen from a disk-encrypted, screen-lock-protected smartphone by which of the following?

A

Bluesnarfing

129
Q

Which of the following is an unauthorized wireless router that allows access to a secure network?

A

Rogue access point

130
Q

A security administrator performs several war driving routes each month and recently has noticed a certain area with a large number of unauthorized devices. Which of the following attack types is MOST likely occurring?

A

Rogue access points

131
Q

Proper wireless antenna placement and radio power setting reduces the success of which of the following reconnaissance methods?

A

War driving

132
Q

A rogue access point with the same SSID as the production wireless network is found. Which of the following BEST describes this attack?

A

Evil twin

133
Q

A programmer allocates 16 bytes for a string variable, but does not adequately ensure that more than 16 bytes cannot be copied into the variable. This program may be vulnerable to which of the following attacks?

A

Buffer overflow

134
Q

Which of the following MUST a programmer implement to prevent cross-site scripting?

A

Validate input to remove hypertext

135
Q

Which of the following web application security weaknesses can be mitigated by preventing the use of HTML tags?

A

Cross-site scripting

136
Q

During the analysis of malicious code, a security analyst discovers JavaScript being used to send random data to another service on the same system. This is MOST likely an example of which of the following?

A

Buffer overflow

137
Q

Which of the following attacks is manifested as an embedded HTML image object or JavaScript image tag in an email?

A

Cross-site scripting

138
Q

A web application has been found to be vulnerable to a SQL injection attack. Which of the following BEST describes the required remediation action?

A

Add input validation to forms

139
Q

An application log shows that the text “test; rm -rf /etc/passwd” was entered into an HTML form. Which of the following describes the type of attack that was attempted?

A

Command injection

140
Q

Which of the following is MOST relevant to a buffer overflow attack?

A

NOOP instructions

141
Q

The detection of a NOOP sled is an indication of which of the following attacks?

A

Buffer overflow

142
Q

Which of the following devices BEST allows a security administrator to identify malicious activity after it has occurred?

A

IDS

143
Q

Which of the following should be enabled to ensure only certain wireless clients can access the network?

A

MAC filtering

144
Q

Which of the following BEST describes an intrusion prevention system?

A

A system that stops an attack in progress

145
Q

Which of the following is a best practice when securing a switch from physical access?

A

Disable unused ports

146
Q

Which of the following can prevent an unauthorized employee from entering a datacenter? (Select TWO).

A

Security guard & Proximity reader

147
Q

Two systems are being designed. System A has a high availability requirement. System B has a high security requirement with less emphasis on system uptime. Which of the following configurations BEST fits the need for each system?

A

System A fails open. System B fails closed.

148
Q

Several staff members working in a datacenter have reported instances of tailgating. Which of the following could be implemented to prevent this security concern?

A

Mantraps

149
Q

A visitor plugs their laptop into the network and receives a warning about their antivirus being out-of-date along with various patches that are missing. The visitor is unable to access the Internet or any network resources. Which of the following is the MOST likely cause?

A

The security posture is enabled on the network and remediation must take place before access is given to the visitor on that laptop

150
Q

Which of the following is a detective security control?

A

CCTV

151
Q

Which of the following identifies some of the running services on a system?

A

Determine open ports

152
Q

A security administrator is tasked with revoking the access of a terminated employee. Which of the following account policies MUST be enacted to ensure the employee no longer has access to the network?

A

Account disablement

153
Q

A company needs to be able to prevent entry, at all times, to a highly sensitive area inside a public building. In order to ensure the BEST type of physical security, which of the following should be implemented?

A

Mantrap

154
Q

Which of the following would provide the MOST reliable proof that a datacenter was accessed at a certain time of day?

A

Video surveillance

155
Q

Which of the following should be performed on a computer to protect the operating system from malicious software? (Select TWO).

A

Disable unused services & Update HIPS signatures

156
Q

A new enterprise solution is currently being evaluated due to its potential to increase the company’s profit margins. The security administrator has been asked to review its security implications. While evaluating the product, various vulnerability scans were performed. It was determined that the product is not a threat but has the potential to introduce additional vulnerabilities. Which of the following assessment types should the security administrator also take into consideration while evaluating this product?

A

Risk Assessment

157
Q

Which of the following would be the BEST action to perform when conducting a corporate vulnerability assessment?

A

Organize data based on severity and asset value

158
Q

Which of the following is used when performing a quantitative risk analysis?

A

Asset value

159
Q

Which of the following describes a passive attempt to identify weaknesses?

A

Vulnerability scanning

160
Q

An existing application has never been assessed from a security perspective. Which of the following is the BEST assessment technique in order to identify the application’s security posture?

A

Baseline reporting

161
Q

An administrator identifies a security issue on the corporate web server, but does not attempt to exploit it. Which of the following describes what the administrator has done?

A

Vulnerability scanning

162
Q

The server log shows 25 SSH login sessions per hour. However, it is a large company and the administrator does not know if this is normal behavior or if the network is under attack. Where should the administrator look to determine if this is normal behavior?

A

Baseline reporting

163
Q

Users of specific systems are reporting that their data has been corrupted. After a recent patch update to those systems, the users are still reporting issues of data being corrupt. Which of the following assessment techniques need to be performed to identify the issue?

A

Vulnerability scanning

164
Q

Which of the following is used when performing a qualitative risk analysis?

A

Judgement

165
Q

Upper management decides which risk to mitigate based on cost. This is an example of:

A

quantitative risk assessment

166
Q

A security administrator wants to know which systems are more susceptible to an attack compared to other systems on the network. Which of the following assessment tools would be MOST effective?

A

Vulnerability scanner

167
Q

Which of the following is a management control type?

A

Vulnerability scanning

168
Q

Which of the following devices would allow a technician to view IP headers on a data packet?

A

Protocol analyzer

169
Q

Which of the following penetration testing types is performed by security professionals with limited inside knowledge of the network?

A

gray box

170
Q

Which of the following is a reason to perform a penetration test?

A

To determine the impact of a threat against the enterprise

171
Q

Penetration testing should only be used during controlled conditions with express consent of the system owner because:

A

penetration testing actively tests security controls and can cause system instability.

172
Q

Which of the following security practices should occur initially in software development?

A

Secure code review

173
Q

A penetration test shows that almost all database servers were able to be compromised through a default database user account with the default password. Which of the following is MOST likely missing from the operational procedures?

A

Application hardening

174
Q

Which of the following is an example of verifying new software changes on a test system?

A

Patch management

175
Q

Which of the following allows an attacker to identify vulnerabilities within a closed source software application?

A

Fuzzing

176
Q

Which of the following would an administrator do to ensure that an application is secure and all unnecessary services are disabled?

A

Application hardening

177
Q

A security administrator ensures that certain characters and commands entered on a web server are not interpreted as legitimate data and not passed on to backend servers. This is an example of which of the following?

A

Input validation

178
Q

A business-critical application will be installed on an Internet facing server. Which of the following is the BEST security control that should be performed in conjunction with updating the application to the MOST current version?

A

Vendor-provided hardening documentation should be reviewed and applied

179
Q

Which of the following has a programmer MOST likely failed to consider if a user entering improper input is able to crash a program?

A

Error handling

180
Q

Which of the following is the MOST efficient way to combat operating system vulnerabilities?

A

Patch management

181
Q

Which of the following is a hardening step of an application during the SDLC?

A

Secure coding concepts

182
Q

Which of the following is the BEST way to mitigate data loss if a portable device is compromised?

A

Full Disk Encryption

183
Q

Which of the following should be performed if a smartphone is lost to ensure no data can be retrieved from it?

A

Remote Wipe

184
Q

Several classified mobile devices have been stolen. Which of the following would BEST reduce the data leakage threat?

A

remotely sanitize the devices

185
Q

Which of the following should be used to help prevent device theft of unused assets?

A

Locking cabinet

186
Q

Which of the following devices would be installed on a single computer to prevent intrusion?

A

Host-based firewall

187
Q

A security administrator has been receiving support tickets for unwanted windows appearing on users' workstations. Which of the following can the administrator implement to help prevent this from happening?

A

Pop-up-blockers

188
Q

Which of the following would an administrator apply to mobile devices to BEST ensure the confidentiality of data?

A

Device Encryption

189
Q

Which of the following is a security vulnerability that can be disabled for mobile device users?

A

GPS tracking

190
Q

Which of the following software should a security administrator implement if several users are stating that they are receiving unwanted email containing advertisements?

A

Anti-spam

191
Q

An employee stores their list of passwords in a spreadsheet on their local desktop hard drive. Which of the following encryption types would protect this information from disclosure if lost or stolen?

A

Mobile device

192
Q

A company has remote workers with laptops that house sensitive data. Which of the following can be implemented to recover the laptops if they are lost?

A

GPS tracking

193
Q

When decommissioning old hard drives, which of the following is the FIRST thing a security engineer should do?

A

Perform bit level erasure or overwrite

194
Q

Which of the following devices provides storage for RSA or asymmetric keys and may assist in user authentication? (Select TWO).

A

Trusted platform module & Hardware Security Module

195
Q

Which of the following is true about hardware encryption? (Select TWO).

A

It is faster than software encryption & It is available on computers using TPM

196
Q

Which of the following BEST describes the function of TPM?

A

Hardware chip that stores encryption keys

197
Q

Which of the following is MOST likely to result in data loss?

A

Developers copying data from production to the test environments via a USB stick

198
Q

A security administrator is implementing a solution that can integrate with an existing server and provide encryption capabilities. Which of the following would meet this requirement?

A

HSM

199
Q

Which of the following are the BEST reasons to use an HSM? (Select TWO).

A

Generate Keys & Store Keys

200
Q

A company needs to reduce the risk of employees emailing confidential data outside of the company. Which of the following describes an applicable security control to mitigate this threat?

A

Install a network-based DLP device

201
Q

Which of the following can cause hardware-based drive encryption to see slower deployment?

A

A lack of management software

202
Q

Which of the following is the MOST secure way of storing keys or digital certificates used for decryption/encryption of SSL sessions?

A

HSM

203
Q

Which of the following is a removable device that may be used to encrypt in a high availability clustered environment?

A

HSM

204
Q

A security administrator is implementing a solution that encrypts an employee’s newly purchased laptop but does not require the company to purchase additional hardware or software. Which of the following could be used to meet this requirement?

A

TPM

205
Q

During incident response, which of the following procedures would identify evidence tampering by outside entities?

A

Hard drive hashing

206
Q

Which of the following protocols only encrypts password packets from client to server?

A

RADIUS

207
Q

Which of the following methods of access, authentication, and authorization is the MOST secure by default?

A

Kerberos

208
Q

Which of the following uses tickets to identify users to the network?

A

Kerberos

209
Q

A purpose of LDAP authentication services is:

A

a single point of user management.

210
Q

When granting access, which of the following protocols uses multiple-challenge responses for authentication, authorization and audit?

A

RADIUS

211
Q

A security administrator is setting up a corporate wireless network using WPA2 with CCMP but does not want to use PSK for authentication. Which of the following could be used to support 802.1x authentication?

A

RADIUS

212
Q

Which of the following authentication services would be used to authenticate users trying to access a network device?

A

TACACS+

213
Q

Which of the following requires special handling and explicit policies for data retention and data distribution?

A

Personally identifiable information

214
Q

Centrally authenticating multiple systems and applications against a federated user database is an example of:

A

single sign-on

215
Q

A Human Resource manager is assigning access to users in their specific department performing the same job function. This is an example of:

A

role-based access control

216
Q

The security administrator often observes that an employee who entered the datacenter does not match the owner of the PIN that was entered into the keypad. Which of the following would BEST prevent this situation?

A

Biometrics

217
Q

Which of the following allows a user to have a one-time password?

A

Tokens

218
Q

Which of the following is a technical control?

A

Least privilege implementation

219
Q

A security administrator wants to prevent users in sales from accessing their servers after 6:00 pm, and prevent them from accessing accounting's network at all times. Which of the following should the administrator implement to accomplish these goals? (Select TWO).

A

Separation of duties & Time of day restrictions

220
Q

A thumbprint scanner is used to test which of the following aspects of human authentication?

A

Something a user is

221
Q

A security administrator with full administrative rights on the network is forced to change roles on a quarterly basis with another security administrator. Which of the following describes this form of access control?

A

Job rotation

222
Q

In order to access the network, an employee must swipe their finger on a device. Which of the following describes this form of authentication?

A

Biometrics

223
Q

A proximity card reader is used to test which of the following aspects of human authentication?

A

Something a user has

224
Q

Which of the following would be considered multifactor authentication?

A

PIN number and a smart card

225
Q

Which of the following is a form of photo identification used to gain access into a secure location?

A

CAC

226
Q

Which of the following is a trusted OS implementation used to prevent malicious or suspicious code from executing on Linux and UNIX platforms?

A

SELinux

227
Q

Which of the following is an example of allowing a user to perform a self-service password reset?

A

Password Recovery

228
Q

Which of the following is an example of requiring users to have a password of 16 characters or more?

A

Password length requirements

229
Q

A security administrator is asked to email an employee their password. Which of the following account policies MUST be set to ensure the employee changes their password promptly?

A

Password expiration

230
Q

Employees are required to come up with a passphrase of at least 15 characters to access the corporate network. Which of the following account policies does this exemplify?

A

Password length

231
Q

An administrator has implemented a policy that passwords expire after 60 days and cannot match their last six previously used passwords. Users are bypassing this policy by immediately changing their passwords six times and then back to the original password. Which of the following can the administrator MOST easily employ to prevent this unsecure practice, with the least administrative effort?

A

Create a policy that passwords cannot be changed more than once a day

232
Q

Which of the following MUST be implemented in conjunction with password history, to prevent a user from re-using the same password?

A

Minimum age time

233
Q

Which of the following represents the complexity of a password policy which enforces lower case passwords using letters from 'a' through 'z', where 'n' is the password length?

A

26^n

234
Q

Which of the following BEST describes the process of key escrow?

A

Maintains a secured copy of a user’s private key for the sole purpose of recovering the key if it is lost

235
Q

Which of the following is the primary purpose of using a digital signature? (Select TWO).

A

Integrity & Non-repudiation

236
Q

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses:

A

the same key on each end of the transmission medium

237
Q

Which of the following methods BEST describes the use of hiding data within other files?

A

Steganography

238
Q

When a user first moves into their residence, the user receives a key that unlocks and locks their front door. This key is only given to them but may be shared with others they trust. Which of the following cryptography concepts is illustrated in the example above?

A

Symmetric key sharing

239
Q

Which of the following cryptography types provides the same level of security but uses smaller key sizes and less computational resources than logarithms which are calculated against a finite field?

A

Elliptical curve

240
Q

The BEST way to protect the confidentiality of sensitive data entered in a database table is to use:

A

hashing

241
Q

WEP is seen as an unsecure protocol based on its improper use of which of the following?

A

RC4

242
Q

Which of the following is used in conjunction with PEAP to provide mutual authentication between peers?

A

MSCHAPv2

243
Q

Which of the following is seen as non-secure based on its ability to only store seven uppercase characters of data making it susceptible to brute force attacks?

A

LANMAN

244
Q

Which of the following access control technologies provides a rolling password for one-time use?

A

RSA tokens

245
Q

A security administrator has discovered through password auditing software that most passwords can be discovered by cracking the first seven characters and then cracking the second part of the password. Which of the following is in use by the company?

A

LANMAN

246
Q

NTLM is an improved and substantially backwards compatible replacement for which of the following?

A

passwd

247
Q

Which of the following does a TPM allow for?

A

Full Disk Encryption

248
Q

The company encryption policy requires all encryption algorithms used on the corporate network to have a key length of 128-bits. Which of the following algorithms would adhere to company policy?

A

AES

249
Q

The security administrator wants to ensure messages traveling between point A and point B are encrypted and authenticated. Which of the following accomplishes this task?

A

RSA

250
Q

Which of the following elements of PKI are found in a browser’s trusted root CA?

A

Public key

251
Q

Where are revoked certificates stored?

A

CRL

252
Q

Which of the following asymmetric encryption keys is used to encrypt data to ensure only the intended recipient can decrypt the ciphertext?

A

Public

253
Q

Which of the following must a security administrator do when the private key of a web server has been compromised by an intruder?

A

Submit the public key to the CRL

254
Q

Which of the following PKI implementation elements is responsible for verifying the authenticity of certificate contents?

A

CA

255
Q

If a user wishes to receive a file encrypted with PGP, the user must FIRST supply the:

A

Public key

256
Q

A certificate that has been compromised should be published to which of the following?

A

CRL

257
Q

The security administrator is tasked with authenticating users to access an encrypted database. Authentication takes place using PKI and the encryption of the database uses a separate cryptographic process to decrease latency. Which of the following would describe the use of encryption in this situation?

A

Public key encryption to authenticate users and private keys to encrypt the database

258
Q

When a certificate issuer is not recognized by a web browser, which of the following is the MOST common reason?

A

Self-signed certificate

259
Q

Public keys are used for which of the following?

A

Decrypting the hash of an electronic signature

260
Q

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A

Key escrow

261
Q

Which of the following is true about PKI? (Select TWO).

A

When encrypting a message with the public key, only the private key can decrypt it. AND When encrypting a message with the private key, only the public key can decrypt it

262
Q

The recovery agent is used to recover the:

A

private key

263
Q

Which of the following is true about the CRL?

A

it should be kept public

264
Q

A file has been encrypted with an employee’s private key. When the employee leaves the company, their account is deleted. Which of the following are the MOST likely outcomes? (Select TWO).

A

Use the recovery agent to decrypt the file AND The data is not recoverable

265
Q

Which of the following is the BEST filtering device capable of stateful packet inspection?

A

Firewall

266
Q

An employee’s workstation is connected to the corporate LAN. Due to content filtering restrictions, the employee attaches a 3G Internet dongle to get to websites that are blocked by the corporate gateway. Which of the following BEST describes a security implication of this practice?

A

Network bridging must be avoided otherwise it may join two networks of different classifications

267
Q

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A

Perform routine user permission reviews

268
Q

In a disaster recovery situation, operations are to be moved to an alternate site. Computers and network connectivity are already present; however, production backups are several days out-of-date. Which of the following site types is being described?

A

Warm site

269
Q

All of the following are valid cryptographic hash functions EXCEPT:

A

RC4

270
Q

Which of the following PKI components identifies certificates that can no longer be trusted?

A

CRL

271
Q

Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack?

A

802.1x

272
Q

A digital signature provides which of the following security functions for an email message?

A

Non-repudiation

273
Q

By default, CCMP will use which of the following to encrypt wireless transmissions?

A

AES

274
Q

A programmer cannot change the production system directly and must have code changes reviewed and approved by the production system manager. Which of the following describes this control type?

A

separation of duties

275
Q

ARP poison routing attacks are an example of which of the following?

A

Man-in-the-middle

276
Q

A company hires a security firm to assess the security of the company’s network. The company does not provide the firm with any internal knowledge or documentation of the network. Which of the following should the security firm perform?

A

Black box

277
Q

Steganography is a form of which of the following?

A

Security through obscurity

278
Q

In a public key infrastructure, a trusted third party is also known as which of the following?

A

Certificate authority

279
Q

Which of the following relies on creating additional traffic to congest networks? (Select TWO).

A

Smurf attack & DDoS

280
Q

Which of the following threats are specifically targeted at high profile individuals?

A

Whaling

281
Q

Which of the following devices is MOST commonly vulnerable to bluesnarfing?

A

Mobile device

282
Q

Which of the following application attacks typically involves entering a string of characters and bypassing input validation to display additional information?

A

SQL injection

283
Q

Which of the following features should be enabled on perimeter doors to ensure that unauthorized access cannot be gained in the event of a power outage?

A

Fail closed

284
Q

Which of the following is the BEST tool to use when analyzing incoming network traffic?

A

Sniffer

285
Q

Which of the following MOST likely has its access controlled by TACACS+? (Select TWO).

A

Router & Switch

286
Q

Providing elastic computing resources that give a client access to more resources, allowing for distribution of large jobs across a flexible number of machines, or allowing for distributed storage of information are all hallmarks of which technology?

A

Cloud computing

287
Q

Which of the following network security techniques can be easily circumvented by using a network sniffer?

A

Implementing MAC filtering on WAPs

288
Q

Which of the following authentication services can be used to provide router commands to enforce policies?

A

TACACS+

289
Q

Which of the following ports is used for telnet by default?

A

23

290
Q

Which of the following BEST describes a malicious application that attaches itself to other files?

A

Virus

291
Q

When an attack using a publicly unknown vulnerability compromises a system, it is considered to be which of the following?

A

Zero day attack

292
Q

A professor at a university is given two keys. One key unlocks a classroom door and the other locks it. The key used to lock the door is available to all other faculty. The key used to unlock the door is only given to the professor. Which of the following cryptography concepts is illustrated in the example above?

A

Asymmetric key sharing

293
Q

Which of the following are often used to encrypt HTTP traffic? (Select TWO).

A

SSL & TLS

294
Q

Which of the following attacks targets high profile individuals?

A

Whaling

295
Q

A penetration tester is collecting a large amount of wireless traffic to perform an IV attack. Which of the following can be gained by doing this?

A

WEP key

296
Q

Which of the following allows users in offsite locations to connect securely to a corporate office?

A

VPN

297
Q

On a website, which of the following protocols facilitates security for data in transit?

A

SSL

298
Q

Which of the following security controls is the BEST mitigation method to address mobile device data theft? (Select TWO).

A

Remote wipe & Device encryption

299
Q

Which of the following BEST describes the purpose of fuzzing?

A

To discover buffer overflow vulnerabilities

300
Q

There are several users for a particular Human Resources database that contains PII. Which of the following principles should be applied to the users in regards to privacy of information?

A

Least privilege

301
Q

Which of the following would be a reason to implement DAC as an access control model?

A

The owner of the data should decide who has access

302
Q

A security administrator needs to install a new switch for a conference room where two different groups will be having separate meetings. Each of the groups uses a different subnet and needs to have its traffic separated. Which of the following would be the SIMPLEST solution?

A

Create two VLANs on the switch

303
Q

Which of the following would need to be added to a network device’s configuration in order to keep track of the device’s various parameters and to monitor status?

A

SNMP string

304
Q

A user reports the ability to access the Internet but the inability to access a certain secure website. The web browser reports the site needs to be viewed under a secure connection. Which of the following is the MOST likely cause? (Select TWO).

A

The site is not using URL redirection & The user is not using HTTPS

305
Q

Which of the following is a control that is gained by using cloud computing?

A

High Availability of the data

306
Q

Which of the following is the BEST way to implement data leakage prevention? (Select TWO).

A

Installing DLP software on all computers along with the use of policy and procedures. AND Installing DLP software on all perimeter appliances and incorporating new policies and procedures.

307
Q

A tape library containing a database with sensitive information is lost in transit to the backup location. Which of the following will prevent this media from disclosing sensitive information? (Select TWO).

A

Full disk encryption & Database encryption

308
Q

A security administrator ensures that rights on a web server are not sufficient to allow outside users to run JavaScript commands. This is an example of which of the following?

A

Cross-site scripting prevention

309
Q

Which of the following creates a publicly accessible network and isolates the internal private network from the Internet?

A

DMZ

310
Q

A security administrator is encrypting all smartphones connected to the corporate network. Which of the following could be used to meet this requirement?

A

Mobile device encryption

311
Q

Using both a username and a password is an example of:

A

single factor authentication

312
Q

Which of the following password policies are designed to increase the offline password attack time? (Select TWO).

A

Password complexity & Password length

313
Q

GPU processing power is a mitigating factor for which of the following security concerns?

A

Password complexity

314
Q

Which of the following can the security administrator implement to BEST prevent laptop device theft?

A

Cable locks

315
Q

The pharmacy has paper forms ready to use if the computer systems are unavailable. Which of the following has been addressed?

A

Continuity of operations

316
Q

Which of the following causes an issue when acquiring an image that occurs when a server hard drive is forensically examined?

A

Servers often use RAID

317
Q

Which of the following provides the BEST metric for determining the effectiveness of a Continuity of Operations Plan or Disaster Recovery Plan?

A

Mean time to restore

318
Q

Which of the following is the correct formula for calculating mean time to restore (MTTR)?

A

MTTR = (time of restore) - (time of fail)

319
Q

The corporate NIDS keeps track of how each program acts and will alert the security administrator if it starts acting in a suspicious manner. Which of the following describes how the NIDS is functioning?

A

Behavior based