Topic 2 Flashcards Preview

Sec+ > Topic 2 > Flashcards

Flashcards in Topic 2 Deck (101)
Loading flashcards...

A portable data storage device has been determined to have malicious firmware.
Which of the following is the BEST course of action to ensure data confidentiality?

Format the device
Re-image the device
Perform virus scan in the device
Physically destroy the device

Perform virus scan in the device


Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?

Cross-site scripting
DNS poisoning
Typo squatting
URL hijacking

Typo Squatting


An organization is comparing and contrasting migration from its standard desktop configuration to the newest
version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

Dynamic analysis
Change management

Change Management


An information security analyst needs to work with an employee who can answer QUESTION NO:s about
how data for a specific system is used in the business. The analyst should seek out an employee who has the
role of:

privacy officer
systems administrator



A new mobile application is being developed in-house. Security reviews did not pick up any major flaws,
however vulnerability scanning results show fundamental issues at the very end of the project cycle.
Which of the following security activities should also have been performed to discover vulnerabilities earlier
in the lifecycle?

Architecture review
Risk assessment
Protocol analysis
Code review

Code Review


A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.

In order to implement a true separation of duties approach the bank could:

Require the use of two different passwords held by two different individuals to open an account
Administer account creation on a role based access control approach
Require all new accounts to be handled by someone else other than a teller since they have different
Administer account creation on a rule based access control approach

Require all new accounts to be handled by someone else other than a teller since they have different duties.


Which of the following must be intact for evidence to be admissible in court?

Chain of custody
Order of volatility
Legal hold

Chain of Custody


A system’s administrator has finished configuring firewall ACL to allow access to a new web server.
The security administrator confirms form the following packet capture that there is network traffic from the
internet to the web server:
The company’s internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Misconfigured firewall
Clear text credentials
Implicit deny
Default configuration

Clear text credentials


An audit takes place after company-wide restricting, in which several employees changed roles. The following
deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?

Implement separation of duties for the payroll department.
Implement a DLP solution on the payroll and human resources servers.
Implement rule-based access controls on the human resources server.
Implement regular permission auditing and reviews.

Implement separation of duties for the payroll department.


Which of the following cryptographic algorithms is irreversible?




A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

The hacker used a race condition.
The hacker used a pass-the-hash attack.
The hacker-exploited improper key management.
The hacker exploited weak switch configuration.

The hacker exploited weak switch configuration


A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate?

It can protect multiple domains
It provides extended site validation
It does not require a trusted certificate authority
It protects unlimited subdomains

It provides extended site validation


A company was recently audited by a third party. The audit revealed the company’s network devices were
transferring files in the clear. Which of the following protocols should the company use to transfer files?




An organization’s primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The
node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?


SPoF (Single Point of Failure)


A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential
information after working hours when no one else is around. Which of the following actions can help to
prevent this specific threat?

Implement time-of-day restrictions.
Audit file access times.
Secretly install a hidden surveillance camera.
Require swipe-card access to enter the lab.

Require swipe-card access to enter the lab


An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.

Which of the following is being described?

Zero-day exploit
Remote code execution
Session hijacking
Command injection

Zero-day exploit


A technician is configuring a wireless guest network. After applying the most recent changes the technician
finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network.

Which of the following security measures did the technician MOST likely implement to cause this Scenario?

Deactivation of SSID broadcast
Reduction of WAP signal output power
Activation of 802.1X with RADIUS
Implementation of MAC filtering
Beacon interval was decreased

Deactivation of SSID broadcast


Technicians working with servers hosted at the company's datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures.

Which of the following should be implemented to correct this issue?

Decrease the room temperature
Increase humidity in the room
Utilize better hot/cold aisle configurations
Implement EMI shielding

Increase humidity in the room


A development team has adopted a new approach to projects in which feedback is iterative and multiple
iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?




Audit logs from a small company’s vulnerability scanning software show the following findings:

Destinations scanned:
-Server001- Internal human resources payroll server
-Server101-Internet-facing web server
-Server201- SQL server for Server101
-Server301-Jumpbox used by systems administrators accessible from the internal network

Validated vulnerabilities found:
-Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software
-Server201-OS updates not fully current
-Server301- Accessible from internal network without the use of jumpbox
-Server301-Vulnerable to highly publicized exploit that can elevate user privileges

Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?




A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)

Remote wipe
Near-field communication
Push notification services




A security analyst notices anomalous activity coming from several workstations in the organizations. Upon
identifying and containing the issue, which of the following should the security analyst do NEXT?

Document and lock the workstations in a secure area to establish chain of custody

Notify the IT department that the workstations are to be reimaged and the data restored for reuse

Notify the IT department that the workstations may be reconnected to the network for the users to
continue working

Document findings and processes in the after-action and lessons learned report

Document findings and processes in the after-action and lessions learned report


A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which
is expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?


A security administrator returning from a short vacation receives an account lock-out message when
attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine.

Which of the following can be implemented to reduce the likelihood of this attack going undetected?

Password complexity rules
Continuous monitoring
User access reviews
Account lockout policies

Continuous monitoring


A group of non-profit agencies wants to implement a cloud service to share resources with each other and
minimize costs. Which of the following cloud deployment models BEST describes this type of effort?




Joe, a security administrator, needs to extend the organization’s remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use?




An administrator has concerns regarding the traveling sales team who works primarily from smart phones.
Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft?

Enable screensaver locks when the phones are not in use to prevent unauthorized access

Configure the smart phones so that the stored data can be destroyed from a centralized location

Configure the smart phones so that all data is saved to removable media and kept separate from the

Enable GPS tracking on all smart phones so that they can be quickly located and recovered

Configure the smart phones so that the stored data can be destroyed from a centralized location.


A company is developing a new system that will unlock a computer automatically when an authorized user sits
in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability?

Facial recognition
Fingerprint scanner
Motion detector
Smart cards

Facial recognition


After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition.

Which of the following actions are MOST appropriate to harden applications against infiltration by former
employees? (Select TWO)

Monitor VPN client access
Reduce failed login out settings
Develop and implement updated access control policies
Review and address invalid login attempts
Increase password complexity requirements
Assess and eliminate inactive accounts

Develop and implement updated access control policies

Assess and eliminate inactive accounts


A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a
recent audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select

Password complexity policies
Hardware tokens
Biometric systems
Role-based permissions
One time passwords
Separation of duties
Multifactor authentication
Single sign-on
Lease privilege

Role-based permissions
Seperation of duties
Lease privilege