SECnew1 Flashcards
Actively monitoring data streams in search of malicious code or behavior is an example of:
content inspection
Which of the following network devices would MOST likely be used to detect but not react to suspicious behavior on the network?
NIDS
The security administrator is getting reports from users that they are accessing certain websites and are unable to download anything off of those sites. The security administrator is also receiving several alarms from the IDS about suspicious traffic on the network. Which of the following is the MOST likely cause?
NIPS is blocking activities from those specific websites
Which of the following tools provides the ability to determine if an application is transmitting a password in clear-text?
Protocol analyzer (a sniffer such as Wireshark or tcpdump shows the payload; if the password is readable in the capture, the application is sending it in clear text)
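The check behind that card, as an added example that is not part of the original flashcards: a small credential filter of the kind a protocol analyzer applies to reassembled payloads. The packets are constructed (source, destination, destination port, payload) tuples rather than a real capture, the host addresses are made up, and only FTP, HTTP Basic and HTTP form POSTs are handled; a TLS record is included to show that encrypted traffic gives the analyzer nothing to match on.

```python
"""Scan application payloads the way a protocol analyzer's credential filter
would, flagging passwords that travel in clear text.

Added example, not from the original flashcards. The packets are constructed
(source, destination, dest port, payload) tuples rather than a real capture,
and only FTP, HTTP Basic and HTTP form POSTs are handled.
"""
import base64
import re
from urllib.parse import parse_qs

BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)
PASSWORD_FIELDS = ("password", "passwd", "pass", "pwd")


def find_cleartext_credentials(packets):
    """Return a list of (src, dst, protocol, secret) findings."""
    findings = []
    for src, dst, dport, payload in packets:
        text = payload.decode("latin-1")  # never fails; binary stays inspectable
        if dport == 21 and text.upper().startswith("PASS "):
            findings.append((src, dst, "ftp", text[5:].strip()))
        elif dport == 80:
            m = BASIC_RE.search(text)
            if m:
                try:
                    findings.append((src, dst, "http-basic",
                                     base64.b64decode(m.group(1), validate=True).decode()))
                except (ValueError, UnicodeDecodeError):
                    pass  # malformed header, not a credential we can read
            head, _, body = text.partition("\r\n\r\n")
            if head.startswith("POST ") and "application/x-www-form-urlencoded" in head:
                form = parse_qs(body)
                for field in PASSWORD_FIELDS:
                    if field in form:
                        findings.append((src, dst, "http-form", form[field][0]))
        # payloads on 443 (TLS) or 22 (SSH) are ciphertext: nothing to match on
    return findings


def sample_packets():
    """Constructed traffic: one clear-text example per protocol plus a TLS
    record, which should produce no finding."""
    basic = base64.b64encode(b"alice:s3cret").decode()
    return [
        ("10.0.0.5", "10.0.0.21", 21, b"PASS ftp-hunter2\r\n"),
        ("10.0.0.5", "10.0.0.80", 80,
         ("GET /admin HTTP/1.1\r\nHost: intranet\r\n"
          f"Authorization: Basic {basic}\r\n\r\n").encode()),
        ("10.0.0.5", "10.0.0.80", 80,
         (b"POST /login HTTP/1.1\r\nHost: intranet\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 28\r\n\r\nuser=bob&password=letmein%21")),
        ("10.0.0.5", "10.0.0.43", 443, b"\x17\x03\x03\x00\x20" + bytes(range(32))),
    ]


if __name__ == "__main__":
    for finding in find_cleartext_credentials(sample_packets()):
        print(finding)
```

Running it lists the FTP password, the decoded Basic credentials and the form password; the TLS record on 443 produces no line, which is exactly the point of the card: the analyzer can only read what the application failed to encrypt.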
Which of the following can a security administrator implement to help identify smurf attacks?
NIDS
Which of the following wireless security controls can be easily and quickly circumvented using only a network sniffer? (Select TWO).
MAC filtering & Disabled SSID broadcast
Which of the following functions is MOST likely performed by a web security gateway?
Content filtering
Which of the following devices is often used to cache and filter content?
Proxies
In order to provide flexible working conditions, a company has decided to allow some employees remote access into corporate headquarters. Which of the following security technologies could be used to provide remote access? (Select TWO).
Firewall & VPN
Which of the following devices is used to optimize and distribute data workloads across multiple computers or networks?
Load Balancer
An IT administrator wants to provide 250 staff with secure remote access to the corporate network. Which of the following BEST achieves this requirement?
VPN Concentrator
Which of the following should be installed to prevent employees from receiving unsolicited emails?
Spam Filters
Which of the following should a security administrator implement to prevent users from disrupting network connectivity, if a user connects both ends of a network cable to different switch ports?
Loop protection
A user is no longer able to transfer files to the FTP server. The security administrator has verified the ports are open on the network firewall. Which of the following should the security administrator check?
ACLs
Which of the following BEST describes the proper method and reason to implement port security?
Apply a security control which ties specific ports to end-device MAC addresses and prevents additional devices from being connected to the network.
Which of the following would need to be configured correctly to allow remote access to the network?
ACLs
By default, which of the following stops network traffic when the traffic is not identified in the firewall ruleset?
Implicit deny
Based on logs from file servers, remote access systems, and IDS, a malicious insider was stealing data using a personal laptop while connected by VPN. The affected company wants access to the laptop to determine loss, but the insider’s lawyer insists the laptop cannot be identified. Which of the following would BEST be used to identify the specific computer used by the insider?
MAC address
Applying detailed instructions to manage the flow of network traffic at the edge of the network, including allowing or denying traffic based on port, protocol, address, or direction is an implementation of which of the following?
Firewall rules
Which of the following is the default rule found in a corporate firewall’s access control list?
Deny all
Which of the following is BEST used to prevent ARP poisoning attacks across a network?
VLAN segregation (spoofed ARP replies cannot cross a VLAN boundary, so segmentation limits how many hosts a poisoner can reach; within a single VLAN the direct control is Dynamic ARP Inspection on the switch)
A small company needs to invest in a new expensive database. The company’s budget does not include the purchase of additional servers or personnel. Which of the following solutions would allow the small company to save money on hiring additional personnel and minimize the footprint in their current datacenter?
Software as a Service
Which of the following is MOST likely to be the last rule contained on any firewall?
Implicit deny
Which of the following cloud computing concepts is BEST described as providing an easy-to-configure OS and on-demand computing for customers?
Platform as a Service
MAC filtering is a form of which of the following?
Network Access Control
Reviewing an access control list on a firewall reveals a Drop All statement at the end of the rules. Which of the following describes this form of access control?
Implicit deny
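The firewall cards above (default deny, firewall rules by port/protocol/address/direction, the implicit deny as the last rule, and the explicit "Drop All" statement) all describe the same mechanism: rules are walked top to bottom, the first match decides, and anything that matches nothing is dropped. This added example, not code from the original flashcards, models that evaluation. The rule fields, the sample ruleset, the addresses (documentation ranges) and the packets are constructed for illustration.

```python
"""First-match firewall rule evaluation with an implicit deny.

Added example, not from the original flashcards. The rule fields, the sample
ruleset, the addresses (documentation ranges) and the packets are all
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in", "out" or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR network or "any"
    dst: str              # CIDR network or "any"
    dport: Optional[int]  # destination port; None matches any port

    def matches(self, pkt: dict) -> bool:
        if self.direction != "any" and self.direction != pkt["direction"]:
            return False
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        for field, net in (("src", self.src), ("dst", self.dst)):
            if net != "any" and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(net):
                return False
        if self.dport is not None and self.dport != pkt.get("dport"):
            return False
        return True


def evaluate(rules, pkt):
    """Walk the list top to bottom; the first matching rule wins.

    If nothing matches, the packet is dropped and index -1 is returned so the
    caller can see that the implicit deny, not a written rule, fired.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", -1


# Constructed perimeter ruleset: inbound web and admin SSH, no inbound ICMP,
# unrestricted outbound from the internal range.
RULESET = [
    Rule("allow", "in", "tcp", "any", "203.0.113.10/32", 443),
    Rule("allow", "in", "tcp", "198.51.100.0/24", "203.0.113.20/32", 22),
    Rule("deny", "in", "icmp", "any", "any", None),
    Rule("allow", "out", "any", "203.0.113.0/24", "any", None),
]

# Constructed traffic samples.
SAMPLE_PACKETS = {
    "web_from_internet": {"direction": "in", "proto": "tcp", "src": "192.0.2.5",
                          "dst": "203.0.113.10", "dport": 443},
    "ssh_from_unknown": {"direction": "in", "proto": "tcp", "src": "192.0.2.5",
                         "dst": "203.0.113.20", "dport": 22},
    "ping_from_internet": {"direction": "in", "proto": "icmp", "src": "192.0.2.5",
                           "dst": "203.0.113.10"},
    "dns_outbound": {"direction": "out", "proto": "udp", "src": "203.0.113.7",
                     "dst": "198.51.100.53", "dport": 53},
}


def run_samples(rules=RULESET):
    """Evaluate every sample packet; returns {name: (action, rule_index)}."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}


def with_explicit_deny_all(rules):
    """Append the 'Drop All' statement some administrators write out; the
    verdicts do not change, only the rule index reported for drops."""
    return list(rules) + [Rule("deny", "any", "any", "any", "any", None)]


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20} -> {verdict}")
```

The SSH attempt from an address outside the admin range matches no written rule and is reported with index -1: that is the implicit deny. Appending the explicit deny-all rule changes only the index reported (4), never the verdict, which is why auditors accept either form as long as it is the last rule.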
An administrator is taking an image of a server and converting it to a virtual instance. Which of the following BEST describes the information security requirements of a virtualized server?
Virtual servers have the same information security requirements as physical servers
Webmail is classified under which of the following cloud-based technologies?
Software as a Service (SaaS)
A security engineer is troubleshooting a server in the DMZ, which cannot be reached from the Internet or the internal network. All other servers on the DMZ are able to communicate with this server. Which of the following is the MOST likely cause?
The server is missing the default gateway
Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?
The user’s PC is missing the authentication agent
Which of the following would be implemented to allow access to services while segmenting access to the internal network?
DMZ
A security administrator needs to separate two departments. Which of the following would the administrator implement to perform this?
VLAN
Which of the following is a security control that is lost when using cloud computing?
Physical control of the data
Which of the following protocols should be blocked at the network perimeter to prevent host enumeration by sweep devices?
ICMP
Which of the following uses TCP port 22 by default?
SSH, SCP, and SFTP
Which of the following allows a security administrator to set device traps?
SNMP
A security administrator needs to implement a site-to-site VPN tunnel between the main office and a remote branch. Which of the following protocols should be used for the tunnel?
IPSec
Which of the following protocols would be the MOST secure method to transfer files from a host machine?
SFTP
Which of the following port numbers is used for SCP, by default?
22
Which of the following is the MOST secure method of utilizing FTP?
FTPS
Which of the following protocols can be implemented to monitor network devices?
SNMP
Which of the following protocols would an administrator MOST likely use to monitor the parameters of network devices?
SNMP
A remote office is reporting they are unable to access any of the network resources from the main office. The security administrator realizes the error and corrects it. The administrator then tries to ping the router at the remote office and receives no reply; however, the technician is able to telnet to that router. Which of the following is the MOST likely cause of the security administrator being unable to ping the router?
The remote router has ICMP blocked.
A network administrator is implementing a network addressing scheme that uses a long string of both numbers and alphanumeric characters to create addressing options and avoid duplicates. Which of the following describes a protocol built for this purpose?
IPv6
In which of the following locations would a forensic analyst look to find a hooked process?
RAM (a hooked process lives in volatile memory, so it is found by examining a memory image or the running system, not the BIOS)
Which of the following file transfer protocols is an extension of SSH?
SFTP
Which of the following secure protocols is MOST commonly used to remotely administer Unix/Linux systems?
SSH
The security administrator notices a number of TCP connections from the development department to the test network segment. Large volumes of data are being transmitted between the two networks only on port 22. Which of the following is MOST likely occurring?
The development team is transferring data to test systems using SFTP and SCP
An administrator who wishes to block all database ports at the firewall should include which of the following ports in the block list?
1433 (Microsoft SQL Server; other common database ports are 3306 for MySQL, 5432 for PostgreSQL and 1521 for Oracle)
If a security administrator wants to TELNET into a router to make configuration changes, which of the following ports would need to be open by default?
23
Which of the following ports would a security administrator block if the administrator wanted to stop users from accessing outside SMTP services?
25
A network consists of various remote sites that connect back to two main locations. The security administrator needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?
Block port 23 on the network firewall
Which of the following are the default ports for HTTP and HTTPS protocols? (Select TWO).
80 & 443 (445 is SMB, not HTTPS)
In an 802.11n network, which of the following provides the MOST secure method of both encryption and authorization?
WPA2 Enterprise (802.1X/EAP authentication with AES-CCMP encryption)
Isolation mode on an AP provides which of the following functionality types?
Segmentation of each wireless user from other wireless users
Which of the following is the BEST choice for encryption on a wireless network?
WPA2-PSK
A user reports that their 802.11n capable interface connects and disconnects frequently to an access point that was recently installed. The user has a Bluetooth enabled laptop. A company in the next building had their wireless network breached last month. Which of the following is MOST likely causing the disconnections?
The new access point was mis-configured and is interfering with another nearby access point
Which of the following should the security administrator look at FIRST when implementing an AP to gain more coverage?
Power levels
Which of the following protocols requires the use of a CA based authentication process?
PEAP-TLS
When configuring multiple computers for RDP on the same wireless router, it may be necessary to do which of the following?
Forward to different RDP listening ports
A technician needs to limit the wireless signal from reaching outside of a building. Which of the following actions should the technician take?
Decrease the power levels on the WAP
Which of the following will provide the HIGHEST level of wireless network security?
WPA2
Which of the following facilitates computing for heavily utilized systems and networks?
Provider cloud
Risk can be managed in the following ways EXCEPT:
elimination
A company that purchases insurance to reduce risk is an example of which of the following?
Risk transference
Which of the following is a best practice to identify fraud from an employee in a sensitive position?
Mandatory vacations
A security administrator with full administrative rights on the network is forced to temporarily take time off of their duties. Which of the following describes this form of access control?
Mandatory vacations
Instead of giving a security administrator full administrative rights on the network, the administrator is given rights only to review logs and update security related network devices. Additional rights are handed out to network administrators for the areas that fall within their job description. Which of the following describes this form of access control?
Least Privilege
A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?
Privacy policy
An administrator is updating firmware on routers throughout the company. Where should the administrator document this work?
Change Management System
Due to sensitive data concerns, a security administrator has enacted a policy preventing the use of flash drives. Additionally, which of the following can the administrator implement to reduce the risk of data leakage?
Enact a policy banning users from bringing in personal music devices
Performing routine security audits is a form of which of the following controls?
Detective
Which of the following is MOST commonly a part of routine system audits?
User rights and permissions reviews
Which of the following is a method to prevent ad-hoc configuration mistakes?
Implement a change management strategy
Which of the following should be reviewed periodically to ensure a server maintains the correct security configuration?
User rights
A security administrator finished taking a forensic image of a computer’s memory. Which of the following should the administrator do to ensure image integrity?
Run the image through SHA-256 (record the digest at acquisition and re-check it before every analysis; a changed digest means the image was altered)
Which of the following BEST explains the security benefit of a standardized server image?
Mandated security configurations have been made to the operating system
Which of the following describes when forensic hashing should occur on a drive?
Before and after the imaging process and then hash the forensic image
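The two hashing cards above (hash the memory image to protect its integrity; hash the drive before and after imaging and then hash the image) describe one procedure. This added example, which is not code from the original flashcards, carries it through: the "device" is a temporary file filled with constructed bytes standing in for a block device opened read-only behind a write blocker, and the copy loop plays the role that dd or dc3dd would play. For a memory image there is no "before" hash, since RAM changes constantly; the image file is hashed at capture and re-checked later, which the same sha256_of function covers.

```python
"""Hash a drive before imaging, during imaging, after imaging, and hash the
image itself, so that any mismatch shows which step altered the evidence.

Added example, not from the original flashcards. The "device" is a temporary
file filled with constructed bytes; in practice the source would be a block
device opened read-only (ideally through a write blocker).
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads keep memory flat for multi-gigabyte images


def sha256_of(path):
    """Streaming SHA-256 of a file; also what you run on a memory image."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(src, dst):
    """Bit-for-bit copy (the role dd or dc3dd plays), hashing the stream as it
    is read so the image hash is computed from the same bytes written."""
    h = hashlib.sha256()
    with open(src, "rb") as s, open(dst, "wb") as d:
        for block in iter(lambda: s.read(CHUNK), b""):
            h.update(block)
            d.write(block)
    return h.hexdigest()


def verified_acquisition(src, dst):
    before = sha256_of(src)        # source hash before imaging
    streamed = acquire(src, dst)   # hash of the bytes as they were copied
    after = sha256_of(src)         # source hash after imaging: proves no write occurred
    image = sha256_of(dst)         # hash of the stored image file
    return {
        "source_before": before,
        "streamed": streamed,
        "source_after": after,
        "image": image,
        "verified": before == streamed == after == image,
    }


def demo():
    """Run a clean acquisition, then corrupt one byte of the image and re-check.
    Returns (clean_report, image_still_matches_after_tampering)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "evidence.bin")
        dst = os.path.join(tmp, "evidence.dd")
        with open(src, "wb") as f:                 # constructed "disk" contents
            f.write(bytes(range(256)) * 4096)
        report = verified_acquisition(src, dst)
        with open(dst, "r+b") as f:                # simulate post-acquisition tampering
            f.seek(1000)
            f.write(b"\x00")
        still_matches = sha256_of(dst) == report["image"]
        return report, still_matches


if __name__ == "__main__":
    report, still_matches = demo()
    print("acquisition verified:", report["verified"])
    print("image unchanged after tampering:", still_matches)
```

Four digests are kept deliberately: a mismatch between source_before and source_after means the acquisition wrote to the evidence, a mismatch between streamed and image means the storage of the image is at fault, and either one invalidates the chain of custody for that copy.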
Which of the following assists in identifying if a system was properly handled during transport?
Chain of custody
Which of the following describes the purpose of chain of custody as applied to forensic image retention?
To provide documentation as to who has handled the evidence
Which of the following is a policy that would force all users to organize their areas as well as help in reducing the risk of possible data theft?
Clean desk policy
Which of the following will educate employees about malicious attempts from an attacker to obtain bank account information?
Phishing techniques
Which of the following is a reason to perform user awareness and training?
To minimize the organizational risk posed by users
Used in conjunction, which of the following are PII? (Select TWO).
Birthday & Full name
On-going annual awareness security training should be coupled with:
signing of a user agreement
Which of the following risks may result from improper use of social networking and P2P software?
Information disclosure
Which of the following is the MAIN reason to require data labeling?
To ensure that staff understands what data they are handling and processing
DRPs should contain which of the following?
Hierarchical list of critical systems
Recovery Point Objectives and Recovery Time Objectives directly relate to which of the following BCP concepts?
Business impact analysis
A security firm has been engaged to assess a software application. A production-like test environment, login details, production documentation and source code have been provided. Which of the following types of testing is being described?
White box
Which of the following environmental controls would BEST be used to regulate cooling within a datacenter?
Hot and cold aisles
Which of the following environmental variables reduces the potential for static discharges?
Humidity
Which of the following should be considered when trying to prevent somebody from capturing network traffic?
EMI shielding
With which of the following is RAID MOST concerned?
Availability
Which of the following reduces the likelihood of a single point of failure when a server fails?
Clustering
Which of the following is the BEST way to secure data for the purpose of retention?
Off-site backup
A security administrator is tasked with ensuring that all servers are highly available and that hard drive failure will not affect an individual server. Which of the following configurations will allow for high availability? (Select TWO).
Hardware RAID 5 & Software RAID 1
A security administrator is in charge of a datacenter, a hot site and a cold site. Due to a recent disaster, the administrator needs to ensure that their cold site is ready to go in case of a disaster. Which of the following does the administrator need to ensure is in place for a cold site?
Location that meets power and connectivity requirements
A critical system in the datacenter is not connected to a UPS. The security administrator has coordinated an authorized service interruption to resolve this issue. This is an example of which of the following?
Fault tolerance
In order to ensure high availability of all critical servers, backups of the main datacenter are done in the middle of the night and then the backup tapes are taken to an offsite location. Which of the following would ensure the minimal amount of downtime in the case of a disaster?
Having the offsite location of tapes also be the hot site
Which of the following concepts ensures that the data is only viewable to authorized users?
Confidentiality
A security administrator working for a health insurance company needs to protect customer data by installing an HVAC system and a mantrap in the datacenter. Which of the following are being addressed? (Select TWO).
Confidentiality & Availability
A bulk update process fails and writes incorrect data throughout the database. Which of the following concepts describes what has been compromised?
Integrity
A user downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
Trojan
While browsing the Internet, an administrator notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which of the following BEST describes what has occurred?
The PC has become part of a botnet.
Which of the following malware types is an antivirus scanner MOST unlikely to discover? (Select TWO).
Pharming & Logic bomb
Which of the following is the primary difference between a virus and a worm?
A worm is self-replicating
Logs from an IDS show that a computer has been compromised with a botnet and is actively communicating with a command and control server. If the computer is powered off, which of the following data types will be unavailable for later investigation?
Memory, network processes, and system processes
Upon investigation, an administrator finds a suspicious system-level kernel module which modifies file system operations. This is an example of which of the following?
Rootkit
Which of the following is the MOST likely cause of a single computer communicating with an unknown IRC server and scanning other systems on the network?
Botnet
Which of the following malware types is MOST commonly installed through the use of thumb drives to compromise systems and provide unauthorized access?
Trojans
A system administrator could have a user level account and an administrator account to prevent:
escalation of privileges
When examining HTTP server logs the security administrator notices that the company’s online store crashes after a particular search string is executed by a single external user. Which of the following BEST describes this type of attack?
DoS
Which of the following would allow traffic to be redirected through a malicious machine by sending false hardware address updates to a switch?
ARP poisoning
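The ARP poisoning card above, and the earlier card on preventing ARP poisoning across a network, both hinge on the same observation: a poisoner answers ARP with its own hardware address for an IP that belongs to someone else, and in a man-in-the-middle position it does so for two hosts at once. This added example, not code from the original flashcards, shows the detection a NIDS or a switch running Dynamic ARP Inspection performs. The ARP log and the addresses are constructed; the trusted-bindings table stands in for the DHCP snooping database or static entries a real switch would consult.

```python
"""Detect ARP cache poisoning from observed ARP replies.

Added example, not from the original flashcards; the ARP log and the
addresses below are constructed for illustration.
"""
from collections import defaultdict

# Constructed ARP traffic in the order a sensor on the segment would see it:
# (seq, opcode, sender_ip, sender_mac)
ARP_LOG = [
    (1, "reply", "10.0.0.1", "00:11:22:33:44:01"),     # gateway answers normally
    (2, "reply", "10.0.0.25", "00:11:22:33:44:25"),    # workstation answers normally
    (3, "reply", "10.0.0.1", "de:ad:be:ef:00:99"),     # attacker claims to be the gateway
    (4, "reply", "10.0.0.25", "de:ad:be:ef:00:99"),    # ...and the workstation: MITM position
    (5, "request", "10.0.0.30", "00:11:22:33:44:30"),  # requests are not binding claims here
]

# Poisoner speaks before the real gateway is ever seen.
ATTACKER_FIRST = [(1, "reply", "10.0.0.1", "de:ad:be:ef:00:99")]

# Known-good binding for the gateway (what DHCP snooping or a static entry provides).
TRUSTED = {"10.0.0.1": "00:11:22:33:44:01"}


def detect_arp_poisoning(log, trusted=None):
    """Return a list of alert dicts.

    trusted: optional dict of known-good IP -> MAC bindings, so a spoofed reply
    is caught even when the attacker speaks first and would otherwise be learned.
    """
    bindings = dict(trusted or {})
    ips_per_mac = defaultdict(set)
    alerts = []
    for seq, opcode, ip, mac in log:
        if opcode != "reply":
            continue
        known = bindings.get(ip)
        if known is None:
            bindings[ip] = mac           # first sighting: learn it
        elif known != mac:
            alerts.append({"seq": seq, "type": "binding-change", "ip": ip,
                           "old_mac": known, "new_mac": mac})
        ips_per_mac[mac].add(ip)
        if len(ips_per_mac[mac]) > 1:    # one NIC answering for several hosts
            alerts.append({"seq": seq, "type": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(ips_per_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_LOG):
        print(alert)
    print("attacker first, no trust table:", detect_arp_poisoning(ATTACKER_FIRST))
    print("attacker first, with trust table:", detect_arp_poisoning(ATTACKER_FIRST, TRUSTED))
```

The ATTACKER_FIRST case is the reason learn-on-first-sight is not enough: without a trusted binding the poisoner's reply is simply learned as the gateway, which is why Dynamic ARP Inspection is fed from DHCP snooping rather than from observed ARP alone.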
Which of the following threats corresponds with an attacker targeting specific employees of a company?
Spear phishing
A user receives an automated call which appears to be from their bank. The automated recording provides details about the bank’s privacy policy, security policy and requests that the user clearly state their name, birthday and enter the banking details to validate the user’s identity. Which of the following BEST describes this type of attack?
Vishing
Which of the following is a technique designed to obtain information from a specific person?
Spear phishing
Which of the following is another name for a malicious attacker?
Black hat
Which of the following logical controls does a flood guard protect against?
SYN attacks
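The flood guard card above and the earlier card on using a NIDS to identify smurf attacks both come down to counting: a SYN flood shows up as half-open connections piling up on one target, and a smurf attack as echo requests aimed at a directed broadcast address followed by a burst of echo replies converging on the spoofed source. This added example, not code from the original flashcards, runs both detections over a constructed capture; the packet record fields, the addresses, the /24 used as the amplifying network and the thresholds are all assumptions made for illustration.

```python
"""Flood-guard style detection over constructed packet records: half-open TCP
connections per target (SYN flood) and directed-broadcast ICMP echo (smurf)
with the resulting reply amplification.

Added example, not from the original flashcards. Packet records, addresses
and thresholds are assumptions made for illustration.
"""
import ipaddress
from collections import defaultdict


def half_open_per_target(packets, window_s=1.0, threshold=50):
    """Return {dst: count} for targets whose un-acknowledged SYNs in any one
    window exceed `threshold`. A SYN counts as completed when the same 4-tuple
    later sends an ACK (third step of the handshake)."""
    syn_time = {}
    completed = set()
    for p in sorted(packets, key=lambda p: p["ts"]):
        if p["proto"] != "tcp":
            continue
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        if p["flags"] == "S":
            syn_time[key] = p["ts"]
        elif p["flags"] == "A" and key in syn_time:
            completed.add(key)
    per_window = defaultdict(int)
    for key, ts in syn_time.items():
        if key not in completed:
            per_window[(key[1], int(ts // window_s))] += 1
    alerts = {}
    for (dst, _), n in per_window.items():
        if n > threshold:
            alerts[dst] = max(alerts.get(dst, 0), n)
    return alerts


def smurf_indicators(packets, local_net, reply_threshold=20):
    """Two signs of a smurf attack: echo requests aimed at the local directed
    broadcast address, and a flood of echo replies converging on one host
    (the spoofed source, i.e. the real victim)."""
    bcast = str(ipaddress.ip_network(local_net).broadcast_address)
    broadcast_requests = 0
    replies = defaultdict(int)
    for p in packets:
        if p["proto"] != "icmp":
            continue
        if p["icmp_type"] == 8 and p["dst"] == bcast:
            broadcast_requests += 1
        elif p["icmp_type"] == 0:
            replies[p["dst"]] += 1
    victims = {h: n for h, n in replies.items() if n > reply_threshold}
    return {"broadcast_echo_requests": broadcast_requests, "amplified_victims": victims}


def build_sample_capture():
    """Constructed capture: three legitimate handshakes, a spoofed-source SYN
    flood against a web server, and a smurf run against 203.0.113.50."""
    pkts = []
    for i in range(3):  # legitimate clients complete the handshake
        key = {"src": f"198.51.100.{10 + i}", "dst": "203.0.113.10",
               "sport": 40000 + i, "dport": 80, "proto": "tcp"}
        pkts.append({**key, "flags": "S", "ts": 0.10 + i * 0.01})
        pkts.append({**key, "flags": "A", "ts": 0.30 + i * 0.01})
    for i in range(120):  # SYN flood: every SYN from a different spoofed source, never ACKed
        pkts.append({"src": f"192.0.2.{1 + i % 250}", "dst": "203.0.113.10",
                     "sport": 1000 + i, "dport": 80, "proto": "tcp",
                     "flags": "S", "ts": i * 0.005})
    for i in range(4):  # smurf: echo requests to the directed broadcast, source spoofed
        pkts.append({"src": "203.0.113.50", "dst": "10.1.1.255", "proto": "icmp",
                     "icmp_type": 8, "ts": 0.5 + i * 0.01})
    for i in range(60):  # amplification: hosts on 10.1.1.0/24 all reply to the victim
        pkts.append({"src": f"10.1.1.{1 + i}", "dst": "203.0.113.50", "proto": "icmp",
                     "icmp_type": 0, "ts": 0.6 + i * 0.001})
    return pkts


def analyse(packets=None):
    packets = packets if packets is not None else build_sample_capture()
    return {"syn_flood": half_open_per_target(packets),
            "smurf": smurf_indicators(packets, "10.1.1.0/24")}


if __name__ == "__main__":
    print(analyse())
```

A flood guard on a switch or firewall applies the first function's logic inline and starts dropping or rate-limiting new SYNs for that target once the threshold is crossed; the NIDS in the smurf card applies the second function's logic and only raises the alarm. Blocking directed broadcasts at the router (no ip directed-broadcast) removes the amplifier, which is the actual fix.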
Which of the following attacks is BEST described as the interruption of network traffic accompanied by the insertion of malicious code?
Man-in-the-middle
A targeted email attack sent to the company’s Chief Executive Officer (CEO) is known as which of the following?
Whaling
The security administrator implemented privacy screens, password protected screen savers, and hired a secure shredding and disposal service. Which of the following attacks is the security administrator trying to mitigate? (Select TWO).
Dumpster diving & Shoulder surfing
Which of the following security threats does shredding mitigate?
Dumpster diving
Which of the following attacks would password masking help mitigate?
Shoulder surfing
Which of the following is an example of allowing another user physical access to a secured area without validation of their credentials?
Tailgating
Which of the following is specific to a buffer overflow attack?
Memory addresses (the overflow writes past the end of a buffer into adjacent memory such as a saved return address; an initialization vector belongs to encryption, not to buffer overflows)
Which of the following wireless attacks uses a counterfeit base station with the same SSID name as a nearby intended wireless network?
Evil twin