Topic 2 Flashcards by David Tran

A portable data storage device has been determined to have malicious firmware.
Which of the following is the BEST course of action to ensure data confidentiality?

Format the device
Re-image the device
Perform virus scan in the device
Physically destroy the device

Perform virus scan in the device

How well did you know this?

Not at all

Perfectly

Before an infection was detected, several of the infected devices attempted to access a URL that was similar to the company name but with two letters transposed. Which of the following BEST describes the attack vector used to infect the devices?

Cross-site scripting
DNS poisoning
Typo squatting
URL hijacking

Typo Squatting

How well did you know this?

Not at all

Perfectly

An organization is comparing and contrasting migration from its standard desktop configuration to the newest
version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging?

Dynamic analysis
Change management
Baselining
Waterfalling

Change Management

How well did you know this?

Not at all

Perfectly

An information security analyst needs to work with an employee who can answer QUESTION NO:s about
how data for a specific system is used in the business. The analyst should seek out an employee who has the
role of:

steward
owner
privacy officer
systems administrator

Owner

How well did you know this?

Not at all

Perfectly

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws,
however vulnerability scanning results show fundamental issues at the very end of the project cycle.
Which of the following security activities should also have been performed to discover vulnerabilities earlier
in the lifecycle?

Architecture review
Risk assessment
Protocol analysis
Code review

Code Review

How well did you know this?

Not at all

Perfectly

A bank requires tellers to get manager approval when a customer wants to open a new account. A recent audit shows that there have been four cases in the previous year where tellers opened accounts without management approval. The bank president thought separation of duties would prevent this from happening.

In order to implement a true separation of duties approach the bank could:

Require the use of two different passwords held by two different individuals to open an account
Administer account creation on a role based access control approach
Require all new accounts to be handled by someone else other than a teller since they have different
duties
Administer account creation on a rule based access control approach

Require all new accounts to be handled by someone else other than a teller since they have different duties.

How well did you know this?

Not at all

Perfectly

Which of the following must be intact for evidence to be admissible in court?

Chain of custody
Order of volatility
Legal hold
Preservation

Chain of Custody

How well did you know this?

Not at all

Perfectly

A system’s administrator has finished configuring firewall ACL to allow access to a new web server.
The security administrator confirms form the following packet capture that there is network traffic from the
internet to the web server:
The company’s internal auditor issues a security finding and requests that immediate action be taken. With which of the following is the auditor MOST concerned?

Misconfigured firewall
Clear text credentials
Implicit deny
Default configuration

Clear text credentials

How well did you know this?

Not at all

Perfectly

An audit takes place after company-wide restricting, in which several employees changed roles. The following
deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?

Implement separation of duties for the payroll department.
Implement a DLP solution on the payroll and human resources servers.
Implement rule-based access controls on the human resources server.
Implement regular permission auditing and reviews.

Implement separation of duties for the payroll department.

How well did you know this?

Not at all

Perfectly

Which of the following cryptographic algorithms is irreversible?

RC4
SHA-256
DES
AES

SHA-256

How well did you know this?

Not at all

Perfectly

A workstation puts out a network request to locate another system. Joe, a hacker on the network, responds before the real system does, and he tricks the workstation into communicating with him. Which of the following BEST describes what occurred?

The hacker used a race condition.
The hacker used a pass-the-hash attack.
The hacker-exploited improper key management.
The hacker exploited weak switch configuration.

The hacker exploited weak switch configuration

How well did you know this?

Not at all

Perfectly

A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate?

It can protect multiple domains
It provides extended site validation
It does not require a trusted certificate authority
It protects unlimited subdomains

It provides extended site validation

How well did you know this?

Not at all

Perfectly

A company was recently audited by a third party. The audit revealed the company’s network devices were
transferring files in the clear. Which of the following protocols should the company use to transfer files?

HTTPS
LDAPS
SCP
SNMPv3

SCP

How well did you know this?

Not at all

Perfectly

An organization’s primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The
node located in the datacenter has lost power and is no longer operational, impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?

SPoF
RTO
MTBF
MTTR

SPoF (Single Point of Failure)

How well did you know this?

Not at all

Perfectly

A Chief Executive Officer (CEO) suspects someone in the lab testing environment is stealing confidential
information after working hours when no one else is around. Which of the following actions can help to
prevent this specific threat?

Implement time-of-day restrictions.
Audit file access times.
Secretly install a hidden surveillance camera.
Require swipe-card access to enter the lab.

Require swipe-card access to enter the lab

How well did you know this?

Not at all

Perfectly

An attacker discovers a new vulnerability in an enterprise application. The attacker takes advantage of the vulnerability by developing new malware. After installing the malware, the attacker is provided with access to the infected machine.

Which of the following is being described?

Zero-day exploit
Remote code execution
Session hijacking
Command injection

Zero-day exploit

How well did you know this?

Not at all

Perfectly

A technician is configuring a wireless guest network. After applying the most recent changes the technician
finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network.

Which of the following security measures did the technician MOST likely implement to cause this Scenario?

Deactivation of SSID broadcast
Reduction of WAP signal output power
Activation of 802.1X with RADIUS
Implementation of MAC filtering
Beacon interval was decreased

Deactivation of SSID broadcast

How well did you know this?

Not at all

Perfectly

Technicians working with servers hosted at the company’s datacenter are increasingly complaining of electric shocks when touching metal items which have been linked to hard drive failures.

Which of the following should be implemented to correct this issue?

Decrease the room temperature
Increase humidity in the room
Utilize better hot/cold aisle configurations
Implement EMI shielding

Increase humidity in the room

How well did you know this?

Not at all

Perfectly

A development team has adopted a new approach to projects in which feedback is iterative and multiple
iterations of deployments are provided within an application’s full life cycle. Which of the following software development methodologies is the development team using?

Waterfall
Agile
Rapid
Extreme

Agile

How well did you know this?

Not at all

Perfectly

Audit logs from a small company’s vulnerability scanning software show the following findings:

Destinations scanned:

Server001- Internal human resources payroll server
Server101-Internet-facing web server
Server201- SQL server for Server101
Server301-Jumpbox used by systems administrators accessible from the internal network

Validated vulnerabilities found:

Server001- Vulnerable to buffer overflow exploit that may allow attackers to install software
Server101- Vulnerable to buffer overflow exploit that may allow attackers to install software
Server201-OS updates not fully current
Server301- Accessible from internal network without the use of jumpbox
Server301-Vulnerable to highly publicized exploit that can elevate user privileges

Assuming external attackers who are gaining unauthorized information are of the highest concern, which of the following servers should be addressed FIRST?

Server001
Server101
Server201
Server301

Server101

How well did you know this?

Not at all

Perfectly

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Select two.)

Geofencing
Remote wipe
Near-field communication
Push notification services
Containerization

Geofencing

Containerization

How well did you know this?

Not at all

Perfectly

A security analyst notices anomalous activity coming from several workstations in the organizations. Upon
identifying and containing the issue, which of the following should the security analyst do NEXT?

Document and lock the workstations in a secure area to establish chain of custody

Notify the IT department that the workstations are to be reimaged and the data restored for reuse

Notify the IT department that the workstations may be reconnected to the network for the users to
continue working

Document findings and processes in the after-action and lessons learned report

Document findings and processes in the after-action and lessions learned report

How well did you know this?

Not at all

Perfectly

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which
is expected to accommodate at most 14 physical hosts.
Which of the following subnets would BEST meet the requirements?

168.0.16 255.25.255.248
168.0.16/28
168.1.50 255.255.25.240
168.2.32/27

192.168.0.16/28

How well did you know this?

Not at all

Perfectly

A security administrator returning from a short vacation receives an account lock-out message when
attempting to log into the computer. After getting the account unlocked the security administrator immediately notices a large amount of emails alerts pertaining to several different user accounts being locked out during the past three days. The security administrator uses system logs to determine that the lock-outs were due to a brute force attack on all accounts that has been previously logged into that machine.

Which of the following can be implemented to reduce the likelihood of this attack going undetected?

Password complexity rules
Continuous monitoring
User access reviews
Account lockout policies

Continuous monitoring

How well did you know this?

Not at all

Perfectly

A group of non-profit agencies wants to implement a cloud service to share resources with each other and minimize costs. Which of the following cloud deployment models BEST describes this type of effort? Public Hybrid Community Private

Community

Joe, a security administrator, needs to extend the organization’s remote access functionality to be used by staff while travelling. Joe needs to maintain separate access control functionalities for internal, external, and VOIP services. Which of the following represents the BEST access technology for Joe to use? RADIUS TACACS+ Diameter Kerberos

TACAS+

An administrator has concerns regarding the traveling sales team who works primarily from smart phones. Given the sensitive nature of their work, which of the following would BEST prevent access to the data in case of loss or theft? Enable screensaver locks when the phones are not in use to prevent unauthorized access Configure the smart phones so that the stored data can be destroyed from a centralized location Configure the smart phones so that all data is saved to removable media and kept separate from the device Enable GPS tracking on all smart phones so that they can be quickly located and recovered

Configure the smart phones so that the stored data can be destroyed from a centralized location.

A company is developing a new system that will unlock a computer automatically when an authorized user sits in front of it, and then lock the computer when the user leaves. The user does not have to perform any action for this process to occur. Which of the following technologies provides this capability? Facial recognition Fingerprint scanner Motion detector Smart cards

Facial recognition

After a merger between two companies a security analyst has been asked to ensure that the organization's systems are secured against infiltration by any former employees that were terminated during the transition. Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO) Monitor VPN client access Reduce failed login out settings Develop and implement updated access control policies Review and address invalid login attempts Increase password complexity requirements Assess and eliminate inactive accounts

Develop and implement updated access control policies Assess and eliminate inactive accounts

A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in which the organization can improve its authorization controls. Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three) ``` Password complexity policies Hardware tokens Biometric systems Role-based permissions One time passwords Separation of duties Multifactor authentication Single sign-on Lease privilege ```

Role-based permissions Seperation of duties Lease privilege

A copy of a highly confidential salary report was recently found on a printer in the IT department. The human resources department does not have this specific printer mapped to its devices, and it is suspected that an employee in the IT department browsed to the share where the report was located and printed it without authorization. Which of the following technical controls would be the BEST choice to immediately prevent this from happening again? Implement a DLP solution and classify the report as confidential, restricting access only to human resources staff Restrict access to the share where the report resides to only human resources employees and enable auditing Have all members of the IT department review and sign the AUP and disciplinary policies Place the human resources computers on a restricted VLAN and configure the ACL to prevent access from the IT department

Restrict access to the share where the report resides to only human resources employees and enable auditing.

Which of the following types of attacks precedes the installation of a rootkit on a server? Pharming DDoS Privilege escalation DoS

Privilege escalation

A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? Removing the hard drive from its enclosure Using software to repeatedly rewrite over the disk space Using Blowfish encryption on the hard drives Using magnetic fields to erase the data

Using magnetic fields to erase the data

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue? The S/MIME plug-in is not enabled The SSL certificate has expired Secure IMAP was not implemented POP3S is not supported

Secure IMAP was not implemented

An organization uses SSO authentication for employee access to network resources. When an employee resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action? Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server. Deny the former employee’s request, since the password reset request came from an external email address. Deny the former employee’s request, as a password reset would give the employee access to all network resources. Approve the former employee’s request, as there would not be a security issue with the former employee gaining access to network resources.

Deny the former employee's request, as a password reset would give the employee access to all network resources.

A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/or approvals. Which of the following BEST describes this type of agreement? ISA NDA MOU SLA

NDA

During a routine audit, it is discovered that someone has been using a stale administrator account to log into a seldom used server. The person has been using the server to view inappropriate websites that are prohibited to end users. Which of the following could best prevent this from occurring again? Credential management Group policy management Acceptable use policy Account expiration policy

Group policy management

Which of the following should identify critical systems and components? MOU BPA ITCP BCP

BCP (business continuity plan)

A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern? Separation of duties Mandatory vacations Background checks Security awareness training

Seperation of duties

A user of the wireless network is unable to gain access to the network. The symptoms are: 1.) Unable to connect to both internal and Internet resources 2.) The wireless icon shows connectivity but has no network access The wireless network is WPA2 Enterprise and users must be a member of the wireless security group to authenticate. Which of the following is the MOST likely cause of the connectivity issues? The wireless signal is not strong enough A remote DDoS attack against the RADIUS server is taking place The user's laptop only supports WPA and WEP The DHCP scope is full The dynamic encryption key did not update while the user was offline

The wireless signal is not strong enough

A mobile device user is concerned about geographic positioning information being included in messages sent between users on a popular social network platform. The user turns off the functionality in the application, but wants to ensure the application cannot re-enable the setting without the knowledge of the user. Which of the following mobile device capabilities should the user disable to achieve the stated goal? Device access control Location based services Application control GEO-Tagging

GEO-tagging

A security administrator must implement a system to ensure that invalid certificates are not used by a custom developed application. The system must be able to check the validity of certificates even when internet access is unavailable. Which of the following MUST be implemented to support this requirement? CSR OCSP CRL SSH

CRL (Certificate Revocation List)

While reviewing the monthly internet usage it is noted that there is a large spike in traffic classified as "unknown" and does not appear to be within the bounds of the organizations Acceptable Use Policy. Which of the following tool or technology would work BEST for obtaining more information on this traffic? Firewall logs IDS logs Increased spam filtering Protocol analyzer

IDS logs

A technician suspects that a system has been compromised. The technician reviews the following log entry: WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll Based solely ono the above information, which of the following types of malware is MOST likely installed on the system? Rootkit Ransomware Trojan Backdoor

Rootkit

As part of the SDLC, a third party is hired to perform a penetration test. The third party will have access to the source code, integration tests, and network diagrams. Which of the following BEST describes the assessment being performed? Black box Regression White box Fuzzing

White box

An in-house penetration tester is using a packet capture device to listen in on network communications. This is an example of: Passive reconnaissance Persistence Escalation of privileges Exploiting the switch

Exploiting the switch

The security administrator receives an email on a non-company account from a coworker stating that some reports are not exporting correctly. Attached to the email was an example report file with several customers' names and credit card numbers with the PIN. Which of the following is the BEST technical controls that will help mitigate this risk of disclosing sensitive data? Configure the mail server to require TLS connections for every email to ensure all transport data is encrypted Create a user training program to identify the correct use of email and perform regular audits to ensure compliance Implement a DLP solution on the email gateway to scan email and remove sensitive data or files Classify all data according to its sensitivity and inform the users of data that is prohibited to share

Implement a DLP solution on the email gateway to scan email and remote sensitive data or files

Which of the following cryptography algorithms will produce a fixed-length, irreversible output? AES 3DES RSA MD5

MD5

A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently that several machines with confidential customer information displayed in the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding? Implement a clean desk policy Security training to prevent shoulder surfing Enable group policy based screensaver timeouts Install privacy screens on monitors

Enable group policy based screensaver timeouts

A company’s AUP requires: Passwords must meet complexity requirements. Passwords are changed at least once every six months. Passwords must be at least eight characters long. An auditor is reviewing the following report: ``` Which of the following controls should the auditor recommend to enforce the AUP? Account lockout thresholds Account recovery Password expiration Prohibit password reuse ```

Password Expiration

A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network? Pre-shared key Enterprise Wi-Fi Protected setup Captive portal

Captive portal

Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met? Logic bomb Trojan Scareware Ransomware

Logic bomb

``` A security analyst receives an alert from a WAF with the following payload: var data= “” ++ ” ``` Which of the following types of attacks is this? ``` Cross-site request forgery Buffer overflow SQL injection JavaScript data insertion Firewall evasion script ```

Firewall evasion script

An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented? Use a camera for facial recognition Have users sign their name naturally Require a palm geometry scan Implement iris recognition

Have users sign their name naturally

A security analyst has received the following alert snippet from the HIDS appliance: Given the above logs, which of the following is the cause of the attack? The TCP ports on destination are all open FIN, URG, and PSH flags are set in the packet header TCP MSS is configured improperly There is improper Layer 2 segmentation

FIN, URG, and PSH flags are set in the packet header

A user is presented with the following items during the new-hire onboarding process: -Laptop -Secure USB drive -Hardware OTP token -External high-capacity HDD -Password complexity policy -Acceptable use policy -HASP key -Cable lock Which of the following is one component of multifactor authentication? Secure USB drive Cable lock Hardware OTP token HASP key

Hardware OTP token

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.) ``` Option A Option B Option C Option D Option E Option F ```

Option A and C

Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time? Isolating the systems using VLANs Installing a software-based IPS on all devices Enabling full disk encryption Implementing a unique user PIN access functions

Isolating the systems using VLANs

A security analyst wants to harden the company’s VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the BPX. Which of the following would best prevent this from occurring? Implement SRTP between the phones and the PBX. Place the phones and PBX in their own VLAN. Restrict the phone connections to the PBX. Require SIPS on connections to the PBX.

Require SIPS on connections to the PBX

Which of the following AES modes of operation provide authentication? (Select two.) ``` CCM CBC GCM DSA CFB ```

CCM | GCM

See PDF for simulation

See PDF

A new firewall has been places into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue? The firewall should be configured to prevent user traffic form matching the implicit deny rule. The firewall should be configured with access lists to allow inbound and outbound traffic. The firewall should be configured with port security to allow traffic. The firewall should be configured to include an explicit deny rule.

The firewall should be configured to prevent user traffic from matching the implicit deny rule.

To reduce disk consumption, an organization’s legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met? Create a daily encrypted backup of the relevant emails. Configure the email server to delete the relevant emails. Migrate the relevant emails into an “Archived” folder. Implement automatic disk compression on email servers

Create a daily encrypted backup of the relevant emails.

An employee receives an email, which appears to be from the Chief Executive Officer (CEO), asking for a report of security credentials for all users. Which of the following types of attack is MOST likely occurring? Policy violation Social engineering Whaling Spear phishing

Spear fishing

A director of IR is reviewing a report regarding several recent breaches. The director compiles the following statistic’s -Initial IR engagement time frame -Length of time before an executive management notice went out -Average IR phase completion The director wants to use the data to shorten the response time. Which of the following would accomplish this? CSIRT Containment phase Escalation notifications Tabletop exercise

Tabletop exercise

Which of the following differentiates a collision attack from a rainbow table attack? A rainbow table attack performs a hash lookup A rainbow table attack uses the hash as a password In a collision attack, the hash and the input data are equivalent In a collision attack, the same input results in different hashes

A rainbow table attack performs a hash lookup

A web application is configured to target browsers and allow access to bank accounts to siphon money to a foreign account. This is an example of which of the following attacks? SQL injection Header manipulation Cross-site scripting Flash cookie exploitation

Cross-site scripting

An administrator is configuring access to information located on a network file server named “Bowman”. The files are located in a folder named “BalkFiles”. The files are only for use by the “Matthews” division and should be read-only. The security policy requires permissions for shares to be managed at the file system layer and also requires those permissions to be set according to a least privilege model. Security policy for this data type also dictates that administrator-level accounts on the system have full access to the files. The administrator configures the file share according to the following table: Which of the following rows has been misconfigured? ``` Row 1 Row 2 Row 3 Row 4 Row 5 ```

Row 4

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the followingshould the security analyst use to prevent this vulnerability? Application fuzzing Error handling Input validation Pointer dereference

Input validation

A security engineer is faced with competing requirements from the networking group and database administrators. The database administrators would like ten application servers on the same subnet for ease of administration, whereas the networking group would like to segment all applications from one another. Which of the following should the security administrator do to rectify this issue? Recommend performing a security assessment on each application, and only segment the applications with the most vulnerability Recommend classifying each application into like security groups and segmenting the groups from one another Recommend segmenting each application, as it is the most secure approach Recommend that only applications with minimal security features should be segmented to protect them

Recommend classifying each application into like security groups and segmenting the groups from one another.

A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities across multiple assets within an organization is performing a: Credentialed scan. Non-intrusive scan. Privilege escalation test. Passive scan.

Credentialed scan

A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements? The vulnerability scanner is performing an authenticated scan. The vulnerability scanner is performing local file integrity checks. The vulnerability scanner is performing in network sniffer mode. The vulnerability scanner is performing banner grabbing.

The vulnerability scanner is performing in network sniffer mode.

Although a web enabled application appears to only allow letters in the comment field of a web form, malicious user was able to carry a SQL injection attack by sending special characters through the web comment field. Which of the following has the application programmer failed to implement? Revision control system Client side exception handling Server side validation Server hardening

Server side validation

A systems administrator is reviewing the following information from a compromised server: Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack? Apache LSASS MySQL TFTP

Apache

Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against? Passwords written on the bottom of a keyboard Unpatched exploitable Internet-facing services Unencrypted backup tapes Misplaced hardware token

Unpatched exploitable internet-facting services

A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this? Enforce authentication for network devices Configure the phones on one VLAN, and computers on another Enable and configure port channels Make users sign an Acceptable use Agreement

Enforce authentication for network devices

A security analyst is investigating a suspected security breach and discovers the following in the logs of the potentially compromised server: Which of the following would be the BEST method for preventing this type of suspected attack in the future? Implement password expirations Implement restrictions on shared credentials Implement account lockout settings Implement time-of-day restrictions on this server

Implement account lockout settings

An application developer is designing an application involving secure transports from one service to another that will pass over port 80 for a request. Which of the following secure protocols is the developer MOST likely to use? ``` FTPS SFTP SSL LDAPS SSH ```

SSL

A penetration tester finds that a company’s login credentials for the email client were being sent in clear text. Which of the following should be done to provide encrypted logins to the email server? Enable IPSec and configure SMTP. Enable SSH and LDAP credentials. Enable MIME services and POP3. Enable an SSL certificate for IMAP services.

Enable an SSL certificate for IMAP services

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company's clients. Which of the following is being used? Gray box vulnerability testing Passive scan Credentialed scan Bypassing security controls

Gray box vulnerability testing

A security analyst reviews the following output: The analyst loads the hash into the SIEM to discover if this hash is seen in other parts of the network. After inspecting a large number of files, the security analyst reports the following: Which of the following is the MOST likely cause of the hash being found in other areas? Jan Smith is an insider threat There are MD5 hash collisions The file is encrypted Shadow copies are present

There are MD5 hash collisions

A security administrator is configuring a new network segment, which contains devices that will be accessed by external users, such as web and FTP server. Which of the following represents the MOST secure way to configure the new network segment? The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic. The segment should be placed in the existing internal VLAN to allow internal traffic only. The segment should be placed on an intranet, and the firewall rules should be configured to allow external traffic. The segment should be placed on an extranet, and the firewall rules should be configured to allow both internal and external traffic.

The segment should be placed on a separate VLAN, and the firewall rules should be configured to allow external traffic.

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired? The certificate was self signed, and the CA was not imported by employees or customers The root CA has revoked the certificate of the intermediate CA The valid period for the certificate has passed, and a new certificate has not been issued The key escrow server has blocked the certificate from being validated

The valid period for the certificate has passed, and a new certificate has not been issued.

After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take? ``` Recovery Identification Preparation Documentation Escalation ```

Identification

A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? EAP-FAST EAP-TLS PEAP EAP

PEAP

A security administrator has been assigned to review the security posture of the standard corporate system image for virtual machines. The security administrator conducts a thorough review of the system logs, installation procedures, and network configuration of the VM image. Upon reviewing the access logs and user accounts, the security administrator determines that several accounts will not be used in production. Which of the following would correct the deficiencies? Mandatory access controls Disable remote login Host hardening Disabling services

Host hardening

Which of the following would meet the requirements for multifactor authentication? Username, PIN, and employee ID number Fingerprint and password Smart card and hardware token Voice recognition and retina scan

Fingerprint and password

Company policy requires the use if passphrases instead if passwords. Which of the following technical controls MUST be in place in order to promote the use of passphrases? Reuse Length History Complexity

Complexity

A company hires a third-party firm to conduct an assessment of vulnerabilities exposed to the Internet. The firm informs the company that an exploit exists for an FTP server that had a version installed from eight years ago. The company has decided to keep the system online anyway, as no upgrade exists from the vendor. Which of the following BEST describes the reason why the vulnerability exists? Default configuration End-of-life system Weak cipher suite Zero-day threats

End-of-life system

The availability of a system has been labeled as the highest priority. Which of the following should be focused on the MOST to ensure the objective? Authentication HVAC Full-disk encryption File integrity checking

HVAC

Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.) To prevent server availability issues To verify the appropriate patch is being installed To generate a new baseline hash after patching To allow users to test functionality To ensure users are trained on new functionality

To prevent server availability issues | To allow users to test functionality

A company has a security policy that specifies all endpoint computing devices should be assigned a unique identifier that can be tracked via an inventory management system. Recent changes to airline security regulations have cause many executives in the company to travel with mini tablet devices instead of laptops. These tablet devices are difficult to tag and track. An RDP application is used from the tablet to connect into the company network. Which of the following should be implemented in order to meet the security policy requirements? ``` Virtual desktop infrastructure (IDI) WS-security and geo-fencing A hardware security module (HSM) RFID tagging system MDM software Security Requirements Traceability Matrix (SRTM) ```

MDM software

The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud, implement encryption for data in-transit between data centers Ensure all data is encryption according to the most stringent regulatory guidance applicable, implement encryption for data in-transit between data centers, increase data availability by replicating all data, transaction data, logs between each corporate location Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

Store customer data based on national borders, ensure end-to end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

A member of a digital forensics team, Joe arrives at a crime scene and is preparing to collect system data. Before powering the system off, Joe knows that he must collect the most volatile date first. Which of the following is the correct order in which Joe should collect the data? CPU cache, paging/swap files, RAM, remote logging data RAM, CPU cache. Remote logging data, paging/swap files Paging/swap files, CPU cache, RAM, remote logging data CPU cache, RAM, paging/swap files, remote logging data

CPU cache, RAM, paging/swap files, remote logging data

Joe, a user, wants to send Ann, another user, a confidential document electronically. Which of the following should Joe do to ensure the document is protected from eavesdropping? Encrypt it with Joe’s private key Encrypt it with Joe’s public key Encrypt it with Ann’s private key Encrypt it with Ann’s public key

Encrypt it with Ann’s public key

An organization has hired a penetration tester to test the security of its ten web servers. The penetration tester is able to gain root/administrative access in several servers by exploiting vulnerabilities associated with the implementation of SMTP, POP, DNS, FTP, Telnet, and IMAP. Which of the following recommendations should the penetration tester provide to the organization to better protect their web servers in the future? Use a honeypot Disable unnecessary services Implement transport layer security Increase application event logging

Disable unnecessary services

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.) ``` ALE AV ARO EF ROI ```

AV | EF

Which of the following are methods to implement HA in a web application server environment? (Select two.) ``` Load balancers Application layer firewalls Reverse proxies VPN concentrators Routers ```

Load balancers | Application layer firewalls

A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.) ``` Ping Ipconfig Tracert Netstat Dig Nslookup ```

Ipconfig | Tracert

During a monthly vulnerability scan, a server was flagged for being vulnerable to an Apache Struts exploit. Upon further investigation, the developer responsible for the server informs the security team that Apache Struts is not installed on the server. Which of the following BEST describes how the security team should reach to this incident? The finding is a false positive and can be disregarded The Struts module needs to be hardened on the server The Apache software on the server needs to be patched and updated The server has been compromised by malware and needs to be quarantined.

The finding is a false positive and can be disregarded

After a routine audit, a company discovers that engineering documents have been leaving the network on a particular port. The company must allow outbound traffic on this port, as it has a legitimate business use. Blocking the port would cause an outage. Which of the following technology controls should the company implement? NAC Web proxy DLP ACL

DLP