Topic 3 Flashcards

1
Q

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

Fail-safe
Fault tolerance
Fail secure
Redundancy

A

Fail-safe

2
Q

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database. Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

Incident management
Routine auditing
IT governance
Monthly user rights reviews

A

Monthly user rights reviews

3
Q

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

Replace FTP with SFTP and replace HTTP with TLS
Replace FTP with FTPS and replace HTTP with TFTP
Replace FTP with SFTP and replace HTTP with Telnet
Replace FTP with FTPS and replace HTTP with IPSec

A

Replace FTP with SFTP and replace HTTP with TLS

4
Q

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

Time-of-day restrictions
User access reviews
Group-based privileges
Change management policies

A

User access reviews

5
Q

A company wants to host a publicly available server that performs the following functions:

Evaluates MX record lookup
Can perform authenticated requests for A and AAAA records
Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

DNSSEC
SFTP
nslookup
dig
LDAPS

A

DNSSEC

6
Q

An organization is moving its human resources system to a cloud services provider. The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?

Two-factor authentication
Account and password synchronization
Smartcards with PINs
Federated authentication

A

Federated authentication

7
Q

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

SCP
TFTP
SNMP
FTP
SMTP
FTPS

A

SCP
FTPS

8
Q

In an effort to reduce data storage requirements, a company decides to hash every file and eliminate duplicates. The data processing routines are time sensitive, so the hashing algorithm must be fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

MD5
SHA
RIPEMD
AES

A

SHA

9
Q

An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company’s list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?

Tailgating
Shoulder surfing
Impersonation
Hoax

A

Impersonation

10
Q

Which of the following is commonly used for federated identity management across multiple organizations?

SAML
Active Directory
Kerberos
LDAP

A

SAML

11
Q

An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?

A virus on the administrator’s desktop would be able to sniff the administrator’s username and password.
Result in an attacker being able to phish the employee’s username and password.
A social engineering attack could occur, resulting in the employee’s password being extracted.
A man in the middle attack could occur, resulting in the employee’s username and password being captured.

A

A man in the middle attack could occur, resulting in the employee’s username and password being captured.

12
Q

See PDF

A

Database server 10.10.10.12

13
Q

A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?

Transport Encryption
Stream Encryption
Digital Signature
Steganography

A

Steganography

14
Q

Drag and drop the correct protocol to its default port

FTP
Telnet
SMTP
SNMP
SCP
TFTP

A

FTP: 21
Telnet: 23
SMTP: 25
SNMP: 161
SCP: 22
TFTP: 69

15
Q

A security administrator needs to implement a system that detects possible intrusions based upon a vendor-provided list. Which of the following BEST describes this type of IDS?

Signature based
Heuristic
Anomaly-based
Behavior-based

A

Signature based

16
Q

The SSID broadcast for a wireless router has been disabled, but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID broadcast has been disabled.

Which of the following would further obscure the presence of the wireless network?

Upgrade the encryption to WPA or WPA2
Create a non-zero length SSID for the wireless router
Reroute wireless users to a honeypot
Disable responses to a broadcast probe request

A

Disable responses to a broadcast probe request

17
Q

Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally takes an image of the hard drive.

Which of the following procedures did Joe follow?

Order of volatility
Chain of custody
Recovery procedure
Incident isolation

A

Order of volatility

18
Q

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called “Purchasing”; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

Modify all the shared files with read only permissions for the intern.
Create a new group that has only read permissions for the files.
Remove all permissions for the shared files.
Add the intern to the “Purchasing” group.

A

Create a new group that has only read permissions for the files.

19
Q

You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:

The Chief Executive Officer’s (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.

The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.

In the Data Center you need to include authentication from the “something you know” category and take advantage of the existing smartcard reader on the door.

In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.

The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

A

See PDF

20
Q

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

RAM
CPU cache
Swap
Hard drive

A

CPU cache
RAM
Swap
Hard drive

21
Q

A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?

MAC filtering
Virtualization
OS hardening
Application white-listing

A

OS hardening

22
Q

After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?

Time-of-day restrictions
Change management
Periodic auditing of user credentials
User rights and permission review

A

User rights and permission review

23
Q

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

Transitive access
Spoofing
Man-in-the-middle
Replay

A

Man in the middle

24
Q

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company’s meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and that it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

The company implements a captive portal
The thermostat is using the incorrect encryption algorithm
The WPA2 shared key is incorrect
The company’s DHCP server scope is full

A

The WPA2 shared key is incorrect

25
Q

An administrator discovers the following log entry on a server:

Nov 12 2013 00:23:45 httpd[2342]: GET/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow

Which of the following attacks is being attempted?

Command injection
Password attack
Buffer overflow
Cross-site scripting

A

Password attack

26
Q

Which of the following is the LEAST secure hashing algorithm?

SHA1
RIPEMD
MD5
DES

A

MD5

27
Q

Which of the following use the SSH protocol?

Stelnet
SCP
SNMP
FTPS
SSL
SFTP

A

SCP
SSL

28
Q

The Chief Security Officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Use certificates signed by the company CA
Use a signing certificate as a wild card certificate
Use certificates signed by a public CA
Use a self-signed certificate on each internal server

A

Use a self-signed certificate on each internal server

29
Q

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?

Service level agreement
Interconnection security agreement
Non-disclosure agreement
Business process analysis

A

SLA (service level agreement)

30
Q

During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?

Reporting
Preparation
Mitigation
Lessons Learned

A

Lessons learned

31
Q

Which of the following should be used to implement voice encryption?

SSLv3
VDSL
SRTP
VoIP

A

SRTP

32
Q

Ann, a security analyst, is monitoring the IDS console and notices multiple connections from an internal host to a suspicious call back domain. Which of the following tools would aid her to decipher the network traffic?

Vulnerability Scanner
NMAP
NETSTAT
Packet Analyzer

A

NETSTAT

33
Q

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net). Which of the following rules is preventing the CSO from accessing the site?

Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Rule 1: deny from inside to outside source any destination any service smtp
Rule 2: deny from inside to outside source any destination any service ping
Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
Rule 4: deny from any to any source any destination any service any

A

Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

34
Q

Which of the following is the summary of loss for a given year?

MTBF
ALE
SLA
ARO

A

ALE (Account Level Equivalence)

35
Q

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

Key escrow
Digital signatures
PKI
Hashing

A

Digital signatures

36
Q

Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

Calculate the ALE
Calculate the ARO
Calculate the MTBF
Calculate the TCO

A

Calculate the ALE (Account level Equivalence)

37
Q

An administrator is testing the collision resistance of different hashing algorithms. Which of the following is the strongest collision resistance test?

Find two identical messages with different hashes
Find two identical messages with the same hash
Find a common hash between two specific messages
Find a common hash between a specific message and a random message

A

Find two identical messages with different hashes

38
Q

An information system owner has supplied a new requirement to the development team that calls for increased non-repudiation within the application. After undergoing several audits, the owner determined that current levels of non-repudiation were insufficient. Which of the following capabilities would be MOST appropriate to consider implementing in response to the new requirement?

Transitive trust
Symmetric encryption
Two-factor authentication
Digital signatures
One-time passwords

A

Digital signatures

39
Q

See PDF (drop-down regarding: retinal scan, passwords, token, fingerprint)

A

Something you are, something you have, etc.

40
Q

A security administrator is evaluating three different services: RADIUS, Diameter, and Kerberos. Which of the following is a feature that is UNIQUE to Kerberos?

It provides authentication services
It uses tickets to identify authenticated users
It provides single sign-on capability
It uses XML for cross-platform interoperability

A

It uses tickets to identify authenticated users

41
Q

The Chief Technology Officer (CTO) of a company, Ann, is putting together a hardware budget for the next 10 years. She is asking for the average lifespan of each hardware device so that she is able to calculate when she will have to replace each device. Which of the following categories BEST describes what she is looking for?

ALE
MTTR
MTBF
MTTF

A

MTTF (mean time to failure)

42
Q

Which of the following best describes the initial processing phase used in mobile device forensics?

The phone should be powered down and the battery removed to preserve the state of data on any internal or removable storage utilized by the mobile device
The removable data storage cards should be processed first to prevent data alteration when examining the mobile device
The mobile device should be examined first, then removable storage and lastly the phone without removable storage should be examined again
The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

A

The phone and storage cards should be examined as a complete unit after examining the removable storage cards separately.

43
Q

An auditor has identified an access control system that can incorrectly accept an access attempt from an unauthorized user. Which of the following authentication systems has the auditor reviewed?

Password-based
Biometric-based
Location-based
Certificate-based

A

Biometric-based

44
Q

See PDF for graph

A

See PDF

45
Q

Which of the following attack types is being carried out where a target is being sent unsolicited messages via Bluetooth?

War chalking
Bluejacking
Bluesnarfing
Rogue tethering

A

Bluejacking

46
Q

A security administrator has been asked to implement a VPN that will support remote access over IPSEC. Which of the following is an encryption algorithm that would meet this requirement?

MD5
AES
UDP
PKI

A

AES

47
Q

The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?

Collision resistance
Rainbow table
Key stretching
Brute force attack

A

Brute force attack

48
Q

A penetration tester is preparing for a client engagement in which the tester must provide data that proves and validates the scanning tools' results. Which of the following is the best method for collecting this information?

Set up the scanning system's firewall to permit and log all outbound connections
Use a protocol analyzer to log all pertinent network traffic
Configure network flow data logging on all scanning systems
Enable debug level logging on the scanning system and all scanning tools used.

A

Set up the scanning system's firewall to permit and log all outbound connections

49
Q

A security program manager wants to actively test the security posture of a system. The system is not yet in production and has no uptime requirement or active user base. Which of the following methods will produce a report which shows vulnerabilities that were actually exploited?

Peer review
Component testing
Penetration testing
Vulnerability testing

A

Penetration testing

50
Q

During an application design, the development team specifies an LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following?

Application control
Data in-transit
Identification
Authentication

A

Authentication

51
Q

A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?

Architecture evaluation
Baseline reporting
Whitebox testing
Peer review

A

Peer review

52
Q

A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures?

Table top exercises
Lessons learned
Escalation procedures
Recovery procedures

A

Table top exercises

53
Q

Which of the following are MOST susceptible to birthday attacks?

Hashed passwords
Digital certificates
Encryption passwords
One time passwords

A

Hashed passwords

54
Q

The Chief Executive Officer (CEO) of a major defense contracting company is traveling overseas for a conference. The CEO will be taking a laptop. Which of the following should the security administrator implement to ensure confidentiality of the data if the laptop were to be stolen or lost during the trip?

Remote wipe
Full device encryption
BIOS password

A

Full device encryption

55
Q

An attacker uses a network sniffer to capture the packets of a transaction that adds $20 to a gift card. The attacker then uses a function of the sniffer to push those packets back onto the network again, adding another $20 to the gift card. This can be done many times. Which of the following describes this type of attack?

Integer overflow attack
Smurf attack
Replay attack
Buffer overflow attack
Cross-site scripting attack

A

Replay attack

56
Q

A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements?

Bcrypt
Blowfish
PGP
SHA

A

PGP (pretty good privacy)

57
Q

Joe notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Joe put in place to BEST reduce these incidents?

Account lockout
Group Based Privileges
Least privilege
Password complexity

A

Account lockout

58
Q

A company is planning to encrypt the files in several sensitive directories of a file server with a symmetric key. Which of the following could be used?

RSA
TwoFish
Diffie-Hellman
NTLMv2
RIPEMD

A

TwoFish

59
Q

A computer on a company network was infected with a zero-day exploit after an employee accidentally opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidentally opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

Install host-based firewalls on all computers that have an email client installed
Set the email program default to open messages in plain text
Install end-point protection on all computers that access web email
Create new email spam filters to delete all messages from that sender

A

Install end-point protection on all computers that access web email.

60
Q

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company's public-facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of insider threat?

Digital signatures
File integrity monitoring
Access controls
Change management
Stateful inspection firewall

A

File integrity monitoring

61
Q

A system administrator is configuring a site-to-site VPN tunnel. Which of the following should be configured on the VPN concentrator during the IKE phase?

RIPEMD
ECDHE
Diffie-Hellman
HTTPS

A

Diffie-Hellman

62
Q

A company wants to ensure that the validity of publicly trusted certificates used by its web server can be determined even during an extended internet outage. Which of the following should be implemented?

Recovery agent
OCSP
CRL
Key escrow

A

OCSP

63
Q

Which of the following is a document that contains detailed information about actions that include how something will be done, when the actions will be performed, and penalties for failure?

MOU
ISA
BPA
SLA

A

SLA

64
Q

Which of the following is the GREATEST risk to a company by allowing employees to physically bring their personal smartphones to work?

Taking pictures of proprietary information and equipment in restricted areas.
Installing soft token software to connect to the company's wireless network.
Company cannot automate patch management on personally-owned devices.
Increases the attack surface by having more target devices on the company's campus

A

Taking pictures of proprietary information and equipment in restricted areas.

65
Q

The data backup window has expanded into the morning hours and has begun to affect production users. The main bottleneck in the process is the time it takes to replicate the backups to separate servers at the offsite data center. Which of the following uses of deduplication could be implemented to reduce the backup window?

Implement deduplication at the network level between the two locations
Implement deduplication on the storage array to reduce the amount of drive space needed
Implement deduplication on the server storage to reduce the data backed up
Implement deduplication on both the local and remote servers

A

Implement deduplication on the storage array to reduce the amount of drive space needed

66
Q

A technician needs to implement a system which will properly authenticate users by their username and password only when the users are logging in from a computer in the office building. Any attempt to authenticate from a location other than the office building should be rejected. Which of the following MUST the technician implement?

Dual factor authentication
Transitive authentication
Single factor authentication
Biometric authentication

A

Transitive authentication

67
Q

Joe is exchanging encrypted email with another party. Joe encrypts the initial email with a key. When Joe receives a response, he is unable to decrypt the response with the same key he used initially. Which of the following would explain the situation?

An ephemeral key was used for one of the messages
A stream cipher was used for the initial email; a block cipher was used for the reply
Out-of-band key exchange has taken place
Asymmetric encryption is being used

A

Asymmetric encryption is being used

68
Q

A technician must configure a firewall to block external DNS traffic from entering a network. Which of the following ports should they block on the firewall?

53
110
143
443

A

53

69
Q

A system administrator needs to implement 802.1x whereby, when a user logs into the network, the authentication server communicates to the network switch and assigns the user to the proper VLAN. Which of the following protocols should be used?

RADIUS
Kerberos
LDAP
MSCHAP

A

RADIUS

70
Q

Which of the following BEST describes an attack where communications between two parties are intercepted and forwarded to each party with neither party being aware of the interception and potential modification to the communications?

Spear phishing
Man-in-the-middle
URL hijacking
Transitive access

A

Man in the middle

71
Q

See PDF

A

PDF

72
Q

A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:

Performance and service delivery metrics
Backups are being performed and tested
Data ownership is being maintained and audited
Risk awareness is being adhered to and enforced

A

Performance and service delivery metrics

73
Q

Recently several employees were victims of a phishing email that appeared to originate from the company president. The email claimed the employees would be disciplined if they did not click on a malicious link in the message. Which of the following principles of social engineering made this attack successful?

Authority
Spamming
Social proof
Scarcity

A

Authority

74
Q

A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

Change management procedures
Job rotation policies
Incident response management
Least privilege access controls

A

Change management procedures

75
Q

A software developer wants to ensure that the application is verifying that a key is valid before establishing SSL connections with random remote hosts on the Internet. Which of the following should be used in the code? (Select TWO.)

Escrowed keys
SSL symmetric encryption key
Software code private key
Remote server public key
OCSP

A

Software code private key
OCSP

76
Q

A security administrator is tasked with conducting an assessment made to establish the baseline security posture of the corporate IT infrastructure. The assessment must report actual flaws and weaknesses in the infrastructure. Due to the expense of hiring outside consultants, the testing must be performed using in-house or cheaply available resources. There cannot be a possibility of any requirement being damaged in the test. Which of the following has the administrator been tasked to perform?

Risk transference
Penetration test
Threat assessment
Vulnerability assessment

A

Vulnerability assessment

77
Q

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal?

The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.
New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.
A programmer should have specialized training in protocol development before attempting to design a new encryption protocol.
The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

A

New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

78
Q

Given the log output:

Max 15 00:15:23.431 CRT: #SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: msmith] [Source: 10.0.12.45] [localport: 23] at 00:15:23:431 CET Sun Mar 15 2015

Which of the following should the network administrator do to protect data security?

Configure port security for logons
Disable telnet and enable SSH
Configure an AAA server
Disable password and enable RSA authentication

A

Disable telnet and enable SSH

79
Q

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented?

Mandatory access control
Discretionary access control
Role based access control
Rule-based access control

A

Discretionary access control

80
Q

Having adequate lighting on the outside of a building is an example of which of the following security controls?

Deterrent
Compensating
Detective
Preventative

A

Deterrent

81
Q

Malware that changes its binary pattern on specific dates at specific times to avoid detection is known as a(n):

armored virus
logic bomb
polymorphic virus
Trojan

A

Polymorphic virus
82
Q

Which of the following would verify that a threat does exist and security controls can easily be bypassed without actively testing an application?

Protocol analyzer
Vulnerability scan
Penetration test
Port scanner

A

Vulnerability scan
83
Q

Anne, the Chief Executive Officer (CEO), has reported that she is getting multiple telephone calls from someone claiming to be from the helpdesk. The caller is asking to verify her network authentication credentials because her computer is broadcasting across the network. This is MOST likely which of the following types of attacks?

Vishing
Impersonation
Spim
Scareware

A

Vishing
84
Q

A Security Officer on a military base needs to encrypt several smartphones that will be going into the field. Which of the following encryption solutions should be deployed in this situation?

Elliptic curve
One-time pad
3DES
AES-256

A

AES-256
85
Q

The Chief Security Officer (CSO) has reported a rise in data loss but no break-ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?

Implement protected distribution
Employ additional firewalls
Conduct security awareness training
Install perimeter barricades

A

Conduct security awareness training
86
Q

While performing surveillance activities, an attacker determines that an organization is using 802.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security?

MAC spoofing
Pharming
Xmas attack
ARP poisoning

A

MAC spoofing
87
Q

A network operations manager has added a second row of server racks in the datacenter. These racks face the opposite direction of the first row of racks. Which of the following is the reason the manager installed the racks this way?

To lower energy consumption by sharing power outlets
To create environmental hot and cold aisles
To eliminate the potential for electromagnetic interference
To maximize fire suppression capabilities

A

To create environmental hot and cold aisles
88
Q

A security administrator is developing training for corporate users on basic security principles for personal email accounts. Which of the following should be mentioned as the MOST secure way for password recovery?

Utilizing a single question for password recovery
Sending a PIN to a smartphone through text message
Utilizing CAPTCHA to avoid brute force attacks
Using a different e-mail address to recover the password

A

Sending a PIN to a smartphone through text message
89
Q

Which of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deployment?

Cloud computing
Virtualization
Redundancy
Application control

A

Virtualization
90
See PDF
See PDF
91
Q

A product manager is concerned about continuing operations at a facility located in a region undergoing significant political unrest. After consulting with senior management, a decision is made to suspend operations at the facility until the situation stabilizes. Which of the following risk management strategies BEST describes management's response?

Deterrence
Mitigation
Avoidance
Acceptance

A

Avoidance
92
Q

A security administrator receives notice that a third-party certificate authority has been compromised, and new certificates will need to be issued. Which of the following should the administrator submit to receive a new certificate?

CRL
OCSP
PFX
CSR
CA

A

CSR (Certificate Signing Request)
93
Q

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality protection. Which of the following AES modes of operation would meet this integrity-only requirement?

HMAC
PCBC
CBC
GCM
CFB

A

HMAC (hash message authentication code)
94
Q

Which of the following can affect electrostatic discharge in a network operations center?

Fire suppression
Environmental monitoring
Proximity card access
Humidity controls

A

Humidity controls
95
Q

Joe, the security administrator, sees this in a vulnerability scan report: "The server 10.1.2.232 is running Apache 2.2.20 which may be vulnerable to a mod_cgi exploit." Joe verifies that the mod_cgi module is not enabled on 10.1.2.232. This message is an example of:

a threat.
a risk.
a false negative.
a false positive.

A

A false positive
96
Q

Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

Intimidation
Scarcity
Authority
Social proof

A

Social proof
97
Q

A security guard has informed the Chief Information Security Officer that a person with a tablet has been walking around the building. The guard also noticed strange white markings in different areas of the parking lot. The person is attempting which of the following types of attacks?

Jamming
War chalking
Packet sniffing
Near field communication

A

War chalking
98
Q

Joe, a technician, is working remotely with his company-provided laptop at the coffee shop near his home. Joe is concerned that another patron of the coffee shop may be trying to access his laptop. Which of the following is an appropriate control to use to prevent the other patron from accessing Joe's laptop directly?

Full-disk encryption
Host-based firewall
Current antivirus definitions
Latest OS updates

A

Host-based firewall
99
Q

The firewall administrator is adding a new certificate for the company's remote access solution. The solution requires that the uploaded file contain the entire certificate chain for the certificate to load properly. The administrator loads the company certificate and the root CA certificate into the file. The file upload is rejected. Which of the following is required to complete the certificate chain?

Certificate revocation list
Intermediate authority
Recovery agent
Root of trust

A

Intermediate authority
100
Q

An organization relies heavily on an application that has a high frequency of security updates. At present, the security team only updates the application on the first Monday of each month, even though the security updates are released as often as twice a week. Which of the following would be the BEST method of updating this application?

Configure testing and automate patch management for the application.
Configure security control testing for the application.
Manually apply updates for the application when they are released.
Configure a sandbox for testing patches before the scheduled monthly update.

A

Configure testing and automate patch management for the application