Security 2 Flashcards

1
Q

An attacker would like to target a company and redirect their legitimate traffic to other sites. Which of the following attacks would be used to cause this malicious
URL redirection?

A.
Botnet

B.
Backdoor

C.
DNS Poisoning

D.
Phishing

A

C

2
Q

When performing a risk analysis, which of the following is considered a threat?

A.
The potential exploitation of vulnerability

B.
The transference of risk to another party

C.
The presence of a risk in the environment

D.
The lack of mitigation for vulnerabilities

A

A

3
Q

A recent security audit revealed the company is lacking deterrent security controls. Which of the following could be implemented to address this finding?

A.
Rogue machine detection

B.
Continuous security monitoring

C.
Security cameras

D.
Intrusion detection system

A

C

4
Q

A research user needs to transfer multiple terabytes of data across a network. The data is not confidential, so for performance reasons, does not need to be
encrypted. However, the authentication process must be confidential. Which of the following is the BEST solution to satisfy these requirements?

A.
Secured LDAP

B.
Kerberized FTP

C.
SCP

D.
SAML 2.0

A

B

5
Q

Which of the following is a contract with a service provider that typically includes performance parameters like MTBF and MTTR?

A.
SLA

B.
NDA

C.
ISA

D.
MOU

E.
ALE

A

A

6
Q

Several computers in an organization are running below the normal performance baseline. A security administrator inspects the computers and finds the following
pieces of information:
– Several users have uninstalled the antivirus software
– Some users have installed unauthorized software
– Several users have installed pirated software
– Some computers have had automatic updating disabled after being deployed
– Users have experienced slow responsiveness when using the Internet browser
– Users have complete control over critical system properties
Which of the following solutions would have prevented these issues from occurring? (Select TWO).

A.
Using snapshots to revert unwanted user changes

B.
Using an IPS instead of an antivirus

C.
Placing users in appropriate security groups

D.
Disabling unnecessary services

E.
Utilizing an application whitelist

F.
Utilizing an application blacklist

A

C, E

7
Q

An administrator must select an algorithm for creating hashes of critical system files in order to later detect any unauthorized changes. Which of the following could
the administrator use? (Select TWO).

A.
3DES

B.
Diffie-Hellman

C.
CHAP

D.
RIPEMD

E.
RSA

F.
AES-256

G.
SHA-512

A

D, G

8
Q

A recent regulatory audit discovers a large number of former employees with active accounts. Terminated users are removed from the HR system but not from
Active Directory. Which of the following processes would close the gap identified?

A.
Send a recurring email to managers with a link to IT Security policies.

B.
Perform routine audits against the HR system and Active Directory.

C.
Set an account expiration date for all Active Directory accounts to expire annually.

D.
Conduct permissions reviews in Active Directory for group membership.

A

B

9
Q

After responding to a virus detection notification, a security technician has been tasked with discovering how the virus was downloaded to the client computer.
Which of the following would BEST provide the technician with information related to the attack vector?

A.
Vulnerability scanning logs

B.
NIPS alerts

C.
Surveillance videos

D.
Proxy logs

A

D

10
Q

An employee connects to a public wireless hotspot during a business trip. The employee attempts to go to a secure website, but instead connects to an attacker
who is performing a man-in-the-middle attack. Which of the following should employees do to mitigate the vulnerability described in the scenario?

A.
Connect to a VPN when using public wireless networks

B.
Only connect to WPA2 networks regardless of whether the network is public or private

C.
Ensure a host-based firewall is installed and running when using public wireless networks

D.
Check the address in the web browser before entering credentials

A

D

11
Q

During a recent audit, it was discovered that several database services were running with local user accounts named “admin” and “dbadmin”. Which of the following controls will prevent network administrators from using these types of usernames for services in the future? (Select TWO)

A.
Use shared account policies

B.
Prohibit generic or default accounts

C.
Perform continuous access monitoring

D.
Perform user account access reviews

E.
Require dedicated service accounts

A

B, E

12
Q

A major banking institution has been the victim of recurring, widespread fraud. The fraud has all occurred on the bank’s web portal. Recently, the bank implemented
a requirement for all users to obtain credentials in person at a physical office. However, this has not reduced the amount of fraud against legitimate customers.
Based on a review of the logs, most fraudulent transactions appear to be conducted with authentic credentials. Which of the following controls should be
strengthened to reduce the fraud through the website?

A.
Authentication

B.
DAC

C.
Identification

D.
Authorization

A

D

13
Q

During an audit of a software development organization, an auditor found that the organization did not properly follow industry best practices including peer review
and board approval prior to moving applications into the production environment. The auditor recommended adapting a formal process incorporating these steps.
To remediate the finding, the organization implemented:

A.
incident management.

B.
a configuration management board.

C.
asset management.

D.
change management.

A

D

14
Q

A web server at an organization has been the target of distributed denial of service attacks. Which of the following, if correctly configured, would BEST mitigate
these and future attacks?

A.
SYN cookies

B.
Implicit deny

C.
Blacklisting

D.
URL filter

A

A

15
Q

A network has been impacted by downtime resulting from unauthorized devices connecting directly to the wired network. The network administrator has been
tasked to research and evaluate technical controls that would effectively mitigate risks associated with such devices. Which of the following capabilities would be
MOST suitable for implementation in this scenario?

A.
Host hardening

B.
NIDS

C.
VLAN trunking

D.
Loop protection

E.
Port security

A

E

16
Q

A security engineer notices that unknown devices are connecting to the company’s wireless network and trying to access the database server. The wireless access
point is configured with WPA for encryption and the network administrator set up an digit pin for easy setup to the wireless access point. Which of the following is the
MOST likely type of attack?

A.
IV attack

B.
WPS attack

C.
Bluesnarfing attack

D.
Replay attack

A

B

17
Q

A system administrator is troubleshooting an issue affecting some FTP connections. Some employees are unable to upload or download files, although the firewall
is allowing the default FTP port. Which of the following can the administrator do to fix this case?

A.
Disable the use of PASV in the FTP client

B.
Configure all FTP clients to use BIN transfer

C.
Enable inbound TCP port 20 on the firewall

D.
Enable both port 21 and 22 on the firewall

A

A

18
Q

A PKI architect is implementing a corporate enterprise solution. The solution must incorporate key escrow and recovery agents, as well as a tiered architecture.
Which of the following is required to implement the architecture correctly?

A.
Certificate revocation list

B.
Strong ciphers

C.
Intermediate authorities

D.
IPSec between CAs

A

C

19
Q

A systems administrator is working with a third party to establish the automated transfer of large amounts of proprietary data. The interface will need to use secured
credentials and the transmission will consist of data that has been encrypted prior to transit and needs no additional protection. Which of the following would be the
MOST efficient method of data transmission given the established requirements?

A.
SSH

B.
TFTP

C.
FTP

D.
FTPS

A

A

20
Q

A high traffic website is experiencing numerous brute force attacks against its user base. The attackers are using a very large botnet to carry out the attack. As a result, many users' passwords are being compromised. Which of the following actions is appropriate for the website administrator to take in order to reduce the threat from this type of attack in the future?

A.
Temporarily ban each IP address after five failed login attempts

B.
Prevent users from using dictionary words that they have used before.

C.
Prevent users from using passwords they have used before.

D.
Require user passwords to be at least ten characters in length

A

D

21
Q

A security administrator is responsible for deployment of a new two factor authentication solution. The administrator has been informed that the solution will use soft
tokens. Which of the following are valid token password schemes for the two factor solution being deployed? (Select TWO)

A.
CHAP

B.
PAP

C.
NTLMv2

D.
HMAC

E.
Smart card

F.
Time-based

A

A, D

22
Q

The border firewall rules were recently modified by a network administrator to allow access to a new service on Server 1 using the default https port. When testing
the new rules internal to the company network there are no issues and when testing from an external connection it does not work. The host running the service
does not receive external packets. Other services hosted on Server 1 are responding fine to both internal and external connection attempts. Which of the
following is MOST likely configured improperly?

A.
Network access control lists

B.
802.1x

C.
Port security

D.
Implicit deny

A

A

23
Q

Joe has been in the same IT position for the last 27 years and has developed a lot of homegrown applications that the company utilizes. The company is concerned
that Joe is the only one who can administer these applications. The company should enforce which of the following best security practices and avoid Joe being a
single point of failure?

A.
Separation of duties

B.
Least privilege

C.
Job rotation

D.
Mandatory vacation

A

C

24
Q

The Chief Security Officer (CSO) is concerned with unauthorized access at the company’s off-site datacenter. The CSO would like to enhance the security posture
of the datacenter. Which of the following would BEST prevent unauthorized individuals from gaining access to the datacenter?

A.
Security guard

B.
Video monitoring

C.
Magnetic entry cards

D.
Fencing

A

A

25
Q

Which of the following is MOST effective at cracking hashed passwords?

A.
Rainbow tables

B.
Dictionary attack

C.
Birthday attack

D.
Brute force attack

A

A

26
Q

An enterprise needs to be able to receive files that contain PII from many customers at different times. The data must remain encrypted during transport and while
at rest. Which of the following encryption solutions would meet both of these requirements?

A.
PGP

B.
SCP

C.
SSL

D.
TLS

A

A

27
Q

A company provides wireless access for employees and a guest wireless network for visitors. The employee wireless network is encrypted and requires a
password. The guest wireless network does not use an encrypted connection and does not require a password. An administrator walks by a visitor’s laptop and
notices the following command line output:
reaver -i mon -b 7a:E5:9A:42:2C:C1 -vv
Starting…..
[+] Trying pin 12345678
[+] 93.41% complete @ 2015-01-10 10:30:21 (15 seconds)
[!] WARNING: 10 failed connections in a row
[+] Trying pin 12345688

Which of the following should the administrator implement and why?

A.
Initiate employee password changes because the visitor has captured passwords and is attempting offline cracking of those passwords.

B.
Implement two-factor wireless authentication because the visitor will eventually brute force the network key.

C.
Apply WPA or WPA2 encryption because the visitor is trying to crack the employee network that is encrypted with WEP.

D.
Disable WPS because the visitor is trying to crack the employee network.

E.
Apply MAC filtering because the visitor already has the network password.

A

D

28
Q

A firewall administrator has been instructed to block common Microsoft file sharing ports due to a recent malware outbreak. Which of the following ports should be
blocked by the firewall? (Select TWO).

A.
TCP/137

B.
UDP/137

C.
TCP/139

D.
UDP/139

E.
TCP/443

F.
UDP/443

G.
TCP/445

H.
UDP/445

A

C, G

29
Q

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a
system file was compromised? (Select TWO).

A.
AES

B.
PGP

C.
SHA

D.
MD5

E.
ECDHE

A

C, D

30
Q

A company hosts sites for multiple vendors and provides information to users globally. Which of the following is a critical security consideration in this environment?

A.
Proxy servers to enforce a single access mechanism to the data warehouse

B.
Firewalls to ensure that the data warehouse is not accessible to the Internet

C.
Access controls to prevent users from accessing the entire data warehouse

D.
Query protocols should use non-standard ports to protect user result-sets

A

C

31
Q

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols
would BEST facilitate secure file transfers? (Select TWO).

A.
SCP

B.
TFTP

C.
SNMP

D.
FTP

E.
SMTP

F.
FTPS

A

A, F

32
Q

As their data set rapidly grows and changes, a company is experiencing availability problems with their database. The security manager recommends switching to a
more scalable system with dynamic schemas. Which of the following would meet the security manager’s requirements?

A.
SSDs

B.
NoSQL

C.
MariaDB

D.
RDBMS

A

B

33
Q

Which of the following should be implemented to enforce the corporate policy requiring up-to-date antivirus and OS patches on all computers connecting to the
network via VPN?

A.
VLAN

B.
NAT

C.
NAC

D.
DMZ

A

C

34
Q

A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours,
but there are still concerns regarding the physical safety of the equipment after business hours. Which of the following controls would BEST address this security
concern?

A.
Host-based firewall

B.
Cable locks

C.
Locking cabinets

D.
Surveillance video

A

C

35
Q

Which of the following BEST represents a security challenge faced primarily by organizations employing a mobility BYOD strategy?

A.
Balancing between the security of personal information and the company’s information sharing requirements.

B.
Balancing between the assurance of individual privacy rights and the security of corporate data.

C.
Balancing between device configuration enforcement and the management of cryptographic keys.

D.
Balancing between the financial security of the company and the financial security of the user.

A

B

36
Q

The Chief Security Officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has
been tasked to update all internal sites without incurring additional costs. Which of the following is the BEST solution for the network administrator to secure each
internal website?

A.
Use certificates signed by the company CA.

B.
Use a signing certificate as a wild card certificate.

C.
Use certificates signed by a public CA.

D.
Use a self-signed certificate on each internal server

A

A

37
Q

A third party has been contracted to perform a remote penetration test of the DMZ network. The company has only provided the third party with the billing
department contact information for final payment and a technical point of contact who will receive the penetration test results. Which of the following tests will be
performed?

A.
Gray Box

B.
White Box

C.
Black Box

D.
False Positive

A

C

38
Q

A security administrator receives reports from various organizations that a system on the company network is port scanning hosts on various networks across the
Internet. The administrator determines that the compromised system is a Linux host and notifies the owner that the system will be quarantined and isolated from the
network. The system does not contain confidential data, and the root user was not compromised. The administrator would like to know how the system was
compromised, what the attackers did, and what remnants the attackers may have left behind. Which of the following are the administrator’s NEXT steps in the
investigation? (Select TWO).

A.
Reinstall the procps package in case system utilities were modified.

B.
Look for recently modified files in user and tmp directories.

C.
Switch SELinux to enforcing mode and reboot.

D.
Monitor perimeter firewall for suspicious traffic from the system.

E.
Check running processes and kernel modules.

F.
Remove unnecessary accounts and services.

A

B, E

39
Q

A security manager has noticed several unrecognized devices connecting to the company’s internal wireless network. Only company-issued devices should be
connected to the network. Which of the following controls should be implemented to prevent the unauthorized devices from connecting to the wireless network?
(Select TWO).

A.
MAC filtering

B.
Create a separate wireless VLAN

C.
Implement 802.11n

D.
Enable WPA2

E.
Configure DHCP reservations

A

A, D

40
Q

A vulnerability in the underlying SSL/TLS library used by a web server has been announced. The vulnerability allows an attacker to access the web server’s
memory. Which of the following actions should be taken after the vulnerability is patched? (Select TWO).

A.
Implement a web application firewall

B.
Instruct users of the website to change their passwords

C.
Replace the server’s private key

D.
Reissue the SSL certificate

E.
Create a new recovery agent

F.
Change the cipher order on the server

A

C, D

41
Q

An administrator learns that port 389 will soon be blocked by the internal firewall for security reasons. Which of the following should the administrator now use to
maintain compatibility with most applications?

A.
SMTPS

B.
LDAPS

C.
SAML

D.
Kerberos

A

B

42
Q

A security administrator is implementing a new feature on the company extranet server to provide client access to track the status of products the company makes.
Which of the following will use a configuration baseline to reduce cross-site scripting and cross-site request forgery on the new feature?

A.
Web application firewall

B.
Reverse proxy

C.
Database activity monitor

D.
Application hardening guidelines

A

A

43
Q

A plant security officer is continually losing connection to two IP cameras that monitor several critical high voltage motors. Which of the following should the network
administrator do to BEST ensure the availability of the IP camera connections?

A.
Use a wireless bridge instead of the network cables

B.
Replace patch cables with shielded cables

C.
Change existing cables with optical cables

D.
Add new conduit runs for the network cables

A

C

44
Q

A UNIX server recently had restricted directories deleted as the result of an insider threat. The root account was used to delete the directories while logged on at the
server console. There are five administrators that know the root password. Which of the following could BEST identify the administrator that removed the restricted
directories?

A.
DHCP logs

B.
CCTV review

C.
DNS logs

D.
Network traffic

A

B

45
Q

Two visitors connected their laptops to the wired internal network and immediately began consuming excessive amounts of bandwidth. Which of the following can
the administrator implement to mitigate these types of issues in the future?

A.
Port security

B.
Flood guards

C.
VLAN configuration

D.
Loop protection

A

B

46
Q

Which of the following is important to reduce risk?

A.
Separation of duties

B.
Risk acceptance

C.
Risk transference

D.
Threat modeling

A

A

47
Q

A database server has been compromised. A local user logged into the console and exploited a vulnerability caused by a missing operating system patch to get a
system level command shell. Which of the following does this represent?

A.
Zero-day exploit

B.
Buffer overflow

C.
SQL injection attack

D.
Privilege escalation

A

D

48
Q

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The
assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using
in-house or cheaply available resources. There cannot be a possibility of any equipment being damaged in the test. Which of the following has the administrator
been tasked to perform?

A.
Risk transference

B.
Penetration test

C.
Threat assessment

D.
Vulnerability assessment

A

D

49
Q

A company utilizes a copier on the finance subnet. The security administrator is worried that the copier could have undisclosed vulnerabilities, as it has an
embedded operating system that cannot be maintained. Which of the following should the administrator do to reduce the attack surface of the copier?

A.
Add an ACL to the switch that restricts network traffic to LPR packets

B.
Install antivirus software on the copier and enable its host-based firewall

C.
Update the copier drivers on the finance PCs and enable HIPS on the PCs

D.
Create a new VLAN and separate the copier and finance department onto the new VLAN

A

D

50
Q

A network administrator recently implemented two caching proxy servers on the network. How can the network administrator BEST aggregate the log files for the
proxy servers?

A

A

51
Q

A new hire wants to use a personally owned phone to access company resources. The new hire expresses concern about what happens to the data on the phone
when they leave the company. Which of the following portions of the company’s mobile device management configuration would allow the company data to be
removed from the device without touching the new hire’s data?

A.
Asset control

B.
Device access control

C.
Storage lock out

D.
Storage segmentation

A

D

52
Q

A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security
administrator implement?

A.
Whitelisting

B.
Anti-malware

C.
Application hardening

D.
Blacklisting

E.
Disable removable media

A

D

53
Q

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?

A.
Header manipulation

B.
Cookie hijacking

C.
Cross-site scripting

D.
XML injection

A

C

54
Q

Which of the following can affect electrostatic discharge in a network operations center?

A.
Fire suppression

B.
Environmental monitoring

C.
Proximity card access

D.
Humidity controls

A

D

55
Q

A security administrator is evaluating three different services: Radius, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

A.
It provides authentication services

B.
It uses tickets to identify authenticated users

C.
It provides single sign-on capability

D.
It uses XML for cross-platform interoperability

A

B

56
Q

A security administrator has been asked to implement a VPN that will support remote access over IPsec. Which of the following is an encryption algorithm that
would meet this requirement?

A.
MD5

B.
AES

C.
UDP

D.
PKI

A

B

57
Q

Which of the following is commonly used for federated identity management across multiple organizations?

A.
SAML

B.
Active Directory

C.
Kerberos

D.
LDAP

A

A

58
Q

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

A.
Collision resistance

B.
Rainbow table

C.
Key stretching

D.
Brute force attack

A

C

59
Q

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public-facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of insider threat?

A.
Digital signatures

B.
File integrity monitoring

C.
Access controls

D.
Change management

E.
Stateful inspection firewall

A

B

60
Q

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After
undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST
appropriate to consider implementing in response to the new requirement?

A.
Transitive trust

B.
Symmetric encryption

C.
Two-factor authentication

D.
Digital signatures

E.
One-time passwords

A

D

61
Q

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the
following can be implemented to enable users to share encrypted data while abiding by company policies?

A.
Key escrow

B.
Digital signatures

C.
PKI

D.
Hashing

A

B

62
Q

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should
Joe put in place to BEST reduce these incidents?

A.
Account lockout

B.
Group Based Privileges

C.
Least privilege

D.
Password complexity

A

A

63
Q

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently,
the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

A.
Replace FTP with SFTP and replace HTTP with TLS

B.
Replace FTP with FTPS and replace HTTP with TFTP

C.
Replace FTP with SFTP and replace HTTP with Telnet

D.
Replace FTP with FTPS and replace HTTP with IPSec

A

A

64
Q

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive so
the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

A.
MD5

B.
SHA

C.
RIPEMD

D.
AES

A

A

65
Q

The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the
following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

A.
Remote wipe

B.
Full device encryption

C.
BIOS password

D.
GPS tracking

A

B

66
Q

The firewall administrator is adding a new certificate for the company’s remote access solution. The solution requires that the uploaded file contain the entire
certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is
rejected. Which of the following is required to complete the certificate chain?

A.
Certificate revocation list

B.
Intermediate authority

C.
Recovery agent

D.
Root of trust

A

B

67
Q

Given the log output:
Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015
Which of the following should the network administrator do to protect data security?

A.
Configure port security for logons

B.
Disable telnet and enable SSH

C.
Configure an AAA server

D.
Disable password and enable RSA authentication

A

B

68
Q

Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic
and finally conducts an image of the hard drive. Which of the following procedures did Joe follow?

A.
Order of volatility

B.
Chain of custody

C.
Recovery procedure

D.
Incident isolation

A

A

69
Q

Which of the following are MOST susceptible to birthday attacks?

A.
Hashed passwords

B.
Digital certificates

C.
Encryption passwords

D.
One time passwords

A

A

70
Q

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed,
and penalties for failure?

A.
MOU

B.
ISA

C.
BPA

D.
SLA

A

D

71
Q

A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key.
Which of the following could be used?

A.
RSA

B.
TwoFish

C.
Diffie-Hellman

D.
NTLMv2

E.
RIPEMD

A

B

72
Q

Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a(n):

A.
armored virus

B.
logic bomb

C.
polymorphic virus

D.
Trojan

A

C

73
Q

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is
preventing the CSO from accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

A.
Rule 1: deny from inside to outside source any destination any service smtp

B.
Rule 2: deny from inside to outside source any destination any service ping

C.
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

D.
Rule 4: deny from any to any source any destination any service any

A

D

74
Q

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator, determines
that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and it is
associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator
verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

A.
The company implements a captive portal

B.
The thermostat is using the incorrect encryption algorithm

C.
The WPA2 shared key is likely incorrect

D.
The company’s DHCP server scope is full

A

A

75
Q

A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a
computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected.
Which of the following MUST the technician implement?

A.
Dual factor authentication

B.
Transitive authentication

C.
Single factor authentication

D.
Biometric authentication

A

A

76
Q

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols
would BEST facilitate secure file transfers? (Select TWO)

A.
SCP

B.
TFTP

C.
SNMP

D.
FTP

E.
SMTP

F.
FTPS

A

A, F

77
Q

Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being
aware of the interception and potential modification to the communications?

A.
Spear phishing

B.
Man-in-the-middle

C.
URL hijacking

D.
Transitive access

A

B

78
Q

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources.
Which of the following should be implemented?

A.
Mandatory access control

B.
Discretionary access control

C.
Role based access control

D.
Rule-based access control

A

B

79
Q

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive
customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents
would this concern MOST likely be addressed?

A.
Service level agreement

B.
Interconnection security agreement

C.
Non-disclosure agreement

D.
Business process analysis

A

B

80
Q

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the
following would help reduce the amount of risk the organization incurs in this situation in the future?

A.
Time-of-day restrictions

B.
User access reviews

C.
Group-based privileges

D.
Change management policies

A

B

81
Q

Having adequate lighting on the outside of a building is an example of which of the following security controls?

A.
Deterrent

B.
Compensating

C.
Detective

D.
Preventative

A

A

82
Q

A security administrator needs a method to ensure that only employees can get onto the internal network when plugging into a network switch. Which of the
following BEST meets that requirement?

A.
NAC

B.
UTM

C.
DMZ

D.
VPN

A

A

83
Q

A security architect is designing an enterprise solution for the sales force of a corporation which handles sensitive customer data. The solution must allow users to
work from remote offices and support traveling users. Which of the following is the MOST appropriate control for the architect to focus on to ensure confidentiality of
data stored on laptops?

A.
Full-disk encryption

B.
Digital sign

C.
Federated identity management

D.
Cable locks

A

A

84
Q

Joe is a helpdesk specialist. During a routine audit, a company discovered that his credentials were used while he was on vacation. The investigation further
confirmed that Joe still has his badge and it was last used to exit the facility. Which of the following access control methods is MOST appropriate for preventing
such occurrences in the future?

A.
Access control where the credentials cannot be used except when the associated badge is in the facility

B.
Access control where system administrators may limit which users can access their systems

C.
Access control where an employee’s access permissions are based on the job title

D.
Access control system where badges are only issued to cleared personnel

A

A

85
Q

A company often processes sensitive data for the government. The company also processes a large amount of commercial work and as such is often providing
tours to potential customers that take them into various workspaces. Which of the following security methods can provide protection against tour participants
viewing sensitive information at minimal cost?

A.
Strong passwords

B.
Screen protectors

C.
Clean-desk policy

D.
Mantraps

A

C

86
Q

Recently clients are stating they can no longer access a secure banking site’s webpage. In reviewing the clients’ web browser settings, the certificate chain is
showing the following:
Certificate Chain:
X Digi Cert
Digi Cert High assurance C3
* banksite.com
Certificate Store:
Digi Cert Others Certificate Store
Digi Cert High assurance C3 Others Certificate Store
Based on the information provided, which of the following is the problem when connecting to the website?

A.
The certificate signature request was invalid

B.
Key escrow is failing for the certificate authority

C.
The certificate authority has revoked the certificate

D.
The clients do not trust the certificate authority

A

C

87
Q

An administrator is configuring a new Linux web server where each user account is confined to a chroot jail.
Which of the following describes this type of control?

A.
SysV

B.
Sandbox

C.
Zone

D.
Segmentation

A

B

88
Q

A Chief Executive Officer (CEO) is steering the company towards cloud computing. The CEO is requesting a federated sign-on method to have users sign into the
sales application. Which of the following methods will be effective for this purpose?

A.
SAML

B.
RADIUS

C.
Kerberos

D.
LDAP

A

A

89
Q

A recent audit has revealed that all employees in the bookkeeping department have access to confidential payroll information, while only two members of the
bookkeeping department have job duties that require access to the confidential information. Which of the following can be implemented to reduce the risk of this
information becoming compromised in this scenario? (Select TWO)

A.
Rule-based access control

B.
Role-based access control

C.
Data loss prevention

D.
Separation of duties

E.
Group-based permissions

A

B, E

90
Q

An organization uses a Kerberos-based LDAP service for network authentication. The service is also utilized for internal web applications. Finally, access to terminal
applications is achieved using the same authentication method by joining the legacy system to the Kerberos realm. This company is using Kerberos to achieve
which of the following?

A.
Trusted Operating System

B.
Rule-based access control

C.
Single sign on

D.
Mandatory access control

A

C

91
Q

A company is implementing a system to transfer direct deposit information to a financial institution. One of the requirements is that the financial institution must be
certain that the deposit amounts within the file have not been changed. Which of the following should be used to meet the requirement?

A.
Key escrow

B.
Perfect forward secrecy

C.
Transport encryption

D.
Digital signatures

E.
File encryption

A

D

92
Q

Joe, an employee, has reported to Ann, a network technician, an unusual device plugged into a USB port on a workstation in the call center. Ann unplugs the
workstation and brings it to the IT department where an incident is opened. Which of the following should have been done first?

A.
Notify the incident response team lead

B.
Document chain of custody

C.
Take a copy of volatile memory

D.
Make an image of the hard drive

A

A

93
Q

An organization receives an email that provides instruction on how to protect a system from being a target of new malware that is rapidly infecting systems. The
incident response team investigates the notification and determines it to be invalid and notifies users to disregard the email. Which of the following BEST describes this
occurrence?

A.
Phishing

B.
Scareware

C.
SPAM

D.
Hoax

A

D

94
Q

A government agency wants to ensure that the systems they use have been deployed as securely as possible. Which of the following technologies will enforce
protections on these systems to prevent files and services from operating outside of a strict rule set?

A.
Host-based intrusion detection

B.
Host-based firewall

C.
Trusted OS

D.
Antivirus

A

B

95
Q

A forensics analyst is tasked with identifying identical files on a hard drive. Due to the large number of files to be compared, the analyst must use an algorithm that is
known to have the lowest collision rate. Which of the following should be selected?

A.
MD5

B.
RC4

C.
SHA1

D.
AES-256

A

C

96
Q

Joe, a system architect, wants to implement appropriate solutions to secure the company’s distributed database. Which of the following concepts should be
considered to help ensure data security? (Select TWO)

A.
Data at rest

B.
Data in use

C.
Replication

D.
Wiping

E.
Retention

F.
Cloud Storage

A

A, C

97
Q

A system administrator is implementing a firewall ACL to block specific communication to and from a predefined list of IP addresses, while allowing all other
communication. Which of the following rules is necessary to support this implementation?

A.
Implicit allow as the last rule

B.
Implicit allow as the first rule

C.
Implicit deny as the first rule

D.
Implicit deny as the last rule

A

A

98
Q

Ann, a user, has been promoted from a sales position to sales manager. Which of the following risk mitigation strategies would be MOST appropriate when a user
changes job roles?

A.
Implement data loss prevention

B.
Reset the user password

C.
User permissions review

D.
Notify incident management

A

C

99
Q

When viewing IPS logs, the administrator sees systems all over the world scanning the network for servers with port 22 open. The administrator concludes that this
traffic is a(n):

A.
Risk

B.
Vulnerability

C.
Exploit

D.
Threat

A

D

100
Q

An administrator wants to provide onboard hardware-based cryptographic processing and secure key storage for full-disk encryption. Which of the following should
the administrator use to fulfill the requirements?

A.
AES

B.
TPM

C.
FDE

D.
PAM

A

B

101
Q

Which of the following access control methodologies provides an individual with the most restrictive access rights to successfully perform their authorized duties?

A.
Mandatory Access Control

B.
Rule Based Access Control

C.
Least Privilege

D.
Implicit Deny

E.
Separation of Duties

A

C