Topic 3 Flashcards Preview

Flashcards in Topic 3 Deck (100)
1

New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?

Fail-safe
Fault tolerance
Fail secure
Redundancy

Fail-safe

2

A supervisor in your organization was demoted on Friday afternoon. The supervisor had the ability to modify the contents of a confidential database, as well as other managerial permissions. On Monday morning, the database administrator reported that log files indicated that several records were missing from the database.
Which of the following risk mitigation strategies should have been implemented when the supervisor was demoted?

Incident management
Routine auditing
IT governance
Monthly user rights reviews

Monthly user rights reviews

3

A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP and HTTP to transfer files. Which of the following should the organization implement in order to be compliant with the new policy?

Replace FTP with SFTP and replace HTTP with TLS
Replace FTP with FTPS and replace HTTP with TFTP
Replace FTP with SFTP and replace HTTP with Telnet
Replace FTP with FTPS and replace HTTP with IPSec

Replace FTP with SFTP and replace HTTP with TLS

4

During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

Time-of-day restrictions
User access reviews
Group-based privileges
Change management policies

User access reviews

5

A company wants to host a publicly available server that performs the following functions:
Evaluates MX record lookup
Can perform authenticated requests for A and AAAA records
Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

DNSSEC
SFTP
nslookup
dig
LDAPS

DNSSEC

6

An organization is moving its human resources system to a cloud services provider.
The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a copy of the passwords. Which of the following options meets all of these requirements?

Two-factor authentication
Account and password synchronization
Smartcards with PINS
Federated authentication

Federated authentication

7

A security administrator wishes to implement a secure method of file transfer when communicating with outside organizations. Which of the following protocols would BEST facilitate secure file transfers? (Select TWO)

SCP
TFTP
SNMP
FTP
SMTP
FTPS

SCP
FTPS

8

In an effort to reduce data storage requirements, some company devices hash every file and eliminate duplicates. The data processing routines are time sensitive, so the hashing algorithm is fast and supported on a wide range of systems. Which of the following algorithms is BEST suited for this purpose?

MD5
SHA
RIPEMD
AES

SHA

9

An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification and a building access badge, and checks the company's list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?

Tailgating
Shoulder surfing
Impersonation
Hoax

Impersonation

10

Which of the following is commonly used for federated identity management across multiple organizations?

SAML
Active Directory
Kerberos
LDAP

SAML

11

An employee uses RDP to connect back to the office network. If RDP is misconfigured, which of the following security exposures would this lead to?

A virus on the administrator's desktop would be able to sniff the administrator's username and password.

Result in an attacker being able to phish the employee's username and password.

A social engineering attack could occur, resulting in the employee's password being extracted.

A man in the middle attack could occur, resulting in the employee's username and password being captured.

A man in the middle attack could occur, resulting in the employee's username and password being captured.

12

See PDF

Database server 10.10.10.12

13

A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this?

Transport Encryption
Stream Encryption
Digital Signature
Steganography

Steganography

14

Drag and drop the correct protocol to its default port

FTP
Telnet
SMTP
SNMP
SCP
TFTP

21
23
25
161
22
69

15

A security administrator needs to implement a system that detects possible intrusions based upon a vendor-provided list. Which of the following BEST describes this type of IDS?

Signature based
Heuristic
Anomaly-based
Behavior-based

Signature based

16

The SSID broadcast for a wireless router has been disabled, but a network administrator notices that unauthorized users are accessing the wireless network. The administrator has determined that attackers are still able to detect the presence of the wireless network despite the fact that the SSID has been disabled.

Which of the following would further obscure the presence of the wireless network?

Upgrade the encryption to WPA or WPA2
Create a non-zero length SSID for the wireless router
Reroute wireless users to a honeypot
Disable responses to a broadcast probe request

Disable responses to a broadcast probe request

17

Joe, a computer forensic technician, responds to an active compromise of a database server. Joe first collects information in memory, then collects network traffic, and finally conducts an image of the hard drive.

Which of the following procedures did Joe follow?

Order of volatility
Chain of custody
Recovery procedure
Incident isolation

Order of volatility

18

A new intern in the purchasing department requires read access to shared documents. Permissions are normally controlled through a group called "Purchasing"; however, the purchasing group permissions allow write access. Which of the following would be the BEST course of action?

Modify all the shared files with read only permissions for the intern.
Create a new group that has only read permissions for the files.
Remove all permissions for the shared files.
Add the intern to the "Purchasing" group.

Create a new group that has only read permissions for the files.

19

You have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls. Please implement the following requirements:
The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three-factor authentication, while retaining the expensive iris reader.
The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.
In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.
In the Help Desk Office, you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.
The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.

See PDF

20

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.

RAM
CPU cache
Swap
Hard drive

CPU cache
RAM
Swap
Hard drive

21

A business has recently deployed laptops to all sales employees. The laptops will be used primarily from home offices and while traveling, and a high amount of wireless mobile use is expected. To protect the laptops while connected to untrusted wireless networks, which of the following would be the BEST method for reducing the risk of having the laptops compromised?

MAC filtering
Virtualization
OS hardening
Application white-listing

OS hardening

22

After a merger, it was determined that several individuals could perform the tasks of a network administrator in the merged organization. Which of the following should have been performed to ensure that employees have proper access?

Time-of-day restrictions
Change management
Periodic auditing of user credentials
User rights and permission review

User rights and permission review

23

A network administrator is attempting to troubleshoot an issue regarding certificates on a secure website. During the troubleshooting process, the network administrator notices that the web gateway proxy on the local network has signed all of the certificates on the local machine. Which of the following describes the type of attack the proxy has been legitimately programmed to perform?

Transitive access
Spoofing
Man-in-the-middle
Replay

Man in the middle

24

After correctly configuring a new wireless-enabled thermostat to control the temperature of the company's meeting room, Joe, a network administrator, determines that the thermostat is not connecting to the internet-based control system. Joe verifies that the thermostat received the expected network parameters and that it is associated with the AP. Additionally, the other wireless mobile devices connected to the same wireless network are functioning properly. The network administrator verified that the thermostat works when tested at his residence. Which of the following is the MOST likely reason the thermostat is not connecting to the internet?

The company implements a captive portal
The thermostat is using the incorrect encryption algorithm
The WPA2 shared likely is incorrect
The company's DHCP server scope is full

The WPA2 shared likely is incorrect

25

An administrator discovers the following log entry on a server:
Nov 12 2013 00:23:45 httpd[2342]:
GET/app2/prod/proc/process.php?input=change;cd%20../../../etc;cat%20shadow

Which of the following attacks is being attempted?

Command injection
Password attack
Buffer overflow
Cross-site scripting

Password attack

26

Which of the following is the LEAST secure hashing algorithm?

SHA1
RIPEMD
MD5
DES

MD5

27

Which of the following use the SSH protocol?

Stelnet
SCP
SNMP
FTPS
SSL
SFTP

SCP
SSL

28

The chief security officer (CSO) has issued a new policy that requires that all internal websites be configured for HTTPS traffic only. The network administrator has been tasked to update all internal sites without incurring additional costs. Which of the following is the best solution for the network administrator to secure each internal website?

Use certificates signed by the company CA
Use a signing certificate as a wild card certificate
Use certificates signed by a public CA
Use a self-signed certificate on each internal server

Use a self-signed certificate on each internal server

29

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data. In which of the following documents would this concern MOST likely be addressed?

Service level agreement
Interconnection security agreement
Non-disclosure agreement
Business process analysis

SLA (service level agreement)

30

During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?

Reporting
Preparation
Mitigation
Lessons Learned

Lesson learned